Information processing system, information processing method, electronic money service providing system, and recording medium

ABSTRACT

An electronic money system is provided which requires lower management and running cost, and features higher flexibility. An acquirer/brand holder managing an electronic money brand manages all keys used for authentication processing in the system, and issues the keys as necessary. The acquirer/brand holder distributes keys according to a tie-up agreement to IC card issuers, a POS center, an MMK center, and an affiliate merchant terminal unit. The POS center, the MMK center, and the affiliate merchant terminal unit are apparatuses for users to use the IC cards or for managing them. The acquirer/brand holder, however, does not distribute issued keys to cybershops which users can access by using a personal computer and a reader/writer. Instead, in this case the acquirer/brand holder saves the issued key itself, and carries out authentication processing with a predetermined IC card upon a request from the cybershop.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to an information processingsystem, an information processing method, an electronic money serviceproviding system, and a recording medium. More particularly, the presentinvention relates to an information processing system, an informationprocessing method, an electronic money service providing system, and arecording medium that allow many issuers and affiliate merchants toparticipate in one brand and permit a reduction in cost required fordistributing cryptographic keys to issuers and the affiliate merchantsand for running and managing a system in an electronic money business.

[0003]2. Description of the Related Art More integrated circuit (IC)cards are being used in electronic money systems and security systems.The IC card is a card-shaped device with an IC chip embedded therein,and mainly includes a processing unit, such as a central processing unit(CPU), for performing a variety of types of processing and a memory forstoring data necessary for processing. Data is read from or written tothe IC card by using a predetermined reader/writer in an electricalcontact state or a contactless state in which electromagnetic waves areutilized.

[0004] In using IC cards on an electronic money system, a securitysystem, or the like, it is important to ensure security, including theprotection of the confidentiality of data and the prevention of thefalsification of IC cards. It is necessary, therefore, to manageresources for storing data and to achieve control for flexible accesswith high security.

[0005] An electronic money business involving an IC card is constructedby three functions, namely, a brand holder that manages an electronicmoney brand, an acquirer that acquires and manages affiliate merchantsin the electronic money business, and an issuer that issues IC cards.

[0006] Heretofore, an electronic money business has been run by abusiness unit that integrally implements three functions, namely, abrand holder, an acquirer, and issuer. Alternatively, a plurality ofacquirers and a plurality of issuers may enter into partnership witheach other to create a single brand holder, with the individual domainsbeing independent.

[0007] However, when a single business unit integrally effecting thethree functions (a brand holder, an acquirer, and an issuer) runs anelectronic money business, the business unit has to assume all theinvestment in the systems required for running the electronic moneybusiness. These investment costs include the cost of hardware resources,such as terminal apparatuses for affiliate merchants, and the cost forissuing and managing IC cards in running the business. The electronicmoney systems are based on a prepaid system in which users pay inadvance or provisionally pay, so that the commission charges cannot beset higher than other settlement methods (e.g., credit cards and debitcards). This has made it difficult to increase profits in relation tothe initial investment.

[0008] However, when the respective business domains are independent anda plurality of acquirers and a plurality of issuers enter intopartnership for a single brand holder to run an electronic moneybusiness, the initial investment for running the business can be sharedamong the business domains, making it possible to reduce the initialinvestment assumed by each business unit. This, however, leads to acomplicated business conformation. Because the electronic money systemis run by a plurality of the business units in partnership, it becomesdifficult to share the revenue of the entire business among theindividual business domains.

[0009] In addition, when a single IC card is interactively operated by aplurality of service providers, arrangements must be made so that theinformation or applications regarding a specific service provided by acertain service provider cannot be accessed without authorization byanother service provider interactively operating the IC card. Thus, theinformation or applications for services to be carried out incooperation must be made sharable among the service providers in thepartnership while maintaining security at the same time.

[0010] However, setting up a brand holder, an acquirer, and an issuerdiscretely so as to make them independent means split business domains.This inevitably results in complicated distribution and management ofcryptographic keys used for the authentication processing required whenelectronic money is loaded into IC cards or electronic money is used ataffiliate merchants. This has led to an increase in the cost ofmaintaining and managing business systems.

SUMMARY OF THE INVENTION

[0011] The present invention has been developed in view of theshortcoming of the current state of the art as described above. It is anobject of the present invention to enable many issuers and affiliatemerchants to participate in a single brand and to permit a reduction inthe costs required for distributing cryptographic keys to issuers andaffiliate merchants and for running and managing a system therefor in anelectronic money business.

[0012] To this end, according to one aspect of the present invention, aninformation processing system is provided that includes a firstinformation processing apparatus managed by a first business entity. Thefirst information processing apparatus performs the management of anelectronic money brand in an electronic money service as well as themanagement of a business entity affiliated in the electronic moneyservice. A first information supplier and receiver supply information toand receive information from a third information processing apparatusmanaged by a second business entity. The second business entity providesa second information processing apparatus in which electronic moneyinformation and authentication information employed for authenticationprocessing for the electronic money service is recorded. A secondinformation supplier and receiver supplies information to and receivesinformation from a fourth information processing apparatus managed by athird business entity. The third business entity provides a service thatuses the electronic money. The fourth information processing apparatusincludes a first information recorder for recording the authenticationinformation used for the authentication processing for the electronicmoney service, and a second information recorder for recording theinformation regarding the second business entity and informationregarding a tie-up agreement between the first business entity and thesecond business entity, and a third information recorder for recordinginformation regarding the third business entity and informationregarding a tie-up agreement between the first business entity and thethird business entity.

[0013] The authentication information may include secret key informationto which DES has been applied.

[0014] The information processing system may further include a firstaccounting system for carrying out accounting with the second businessparty and a second accounting system for carrying out accounting withthe third business entity.

[0015] The information processing system may further include anauthenticating system for carrying out authentication processing byusing authentication information recorded by the first informationrecorder. The authenticating system can be caused to performauthentication processing by using the authentication informationregarding the third business entity recorded by the first informationrecorder if a signal requesting the execution of authenticationprocessing is input from the third business entity through the secondinformation supplier and receiver.

[0016] The information processing apparatus may further include a fourthinformation processing apparatus for rewriting the electronic moneyinformation recorded in the first information processing apparatus. Athird information supplier and receiver supplies and receivesinformation over a network, and a control signal generator generates acontrol signal which causes the first information processing apparatusto implement the loading of electronic money. The control signalgenerator generates a control signal for the first informationprocessing apparatus, which has been issued by the second businessentity, according to the information regarding the tie-up agreementbetween the first business entity and the second business entityrecorded by the second information recorder. The third informationsupplier and receiver outputs the control signal generated by thecontrol signal generator to the fourth information processing apparatus.

[0017] The network may be the Internet, and the third informationsupplier and receiver may exchange information with a fifth informationprocessing apparatus managed by the third business entity, wherein thethird business entity owns a virtual store on the Internet.

[0018] According to another aspect of the present invention, aninformation processing method is provided for a first informationprocessing apparatus managed by a first business entity managing a brandof an electronic money service and managing an electronic money serviceaffiliate business entity. The method includes a first informationgiving and receiving step for giving information to and receivinginformation from a second information processing apparatus managed by asecond business entity. The second business entity issues a portableelectronic device in which electronic money information andauthentication information used for authentication processing for theelectronic money service is recorded. A second information giving andreceiving step is performed for giving information to and receivinginformation from a third information processing apparatus managed by athird business entity that provides a service that uses the electronicmoney. A first recording step is performed for recording theauthentication information used for authentication processing related tothe electronic money service. A second recording step is performed forrecording the information regarding the second business entity and theinformation regarding a tie-up agreement between the first businessentity and the second business entity. A third recording step is alsoprovided for recording the information regarding the third businessentity and the information regarding a tie-up agreement between thefirst business entity and the third business entity. The processingperformed in the first information giving and receiving step generatesthe authentication information, which is output to and is recorded bythe processing of the first recording step, on the basis of theinformation regarding the tie-up agreement between the first businessentity and the second business entity recorded by the processing of thesecond recording step. The processing performed in the secondinformation giving and receiving step generates the authenticationinformation, which is output to and is recorded by the processing of thefirst recording step, on the basis of the information regarding thetie-up agreement between the first business entity and the thirdbusiness entity, recorded by the processing of the third recording step.The aforesaid portable electronic device includes an IC card, a portabletelephone incorporating an IC card feature, a portable informationterminal, a timepiece, and the like.

[0019] According to yet another aspect of the present invention, arecording medium is provided on which a computer-readable program hasbeen recorded. The computer readable program is provided for managing anelectronic money brand in an electronic money service and for managingan information processing apparatus operated by a first business entityengaged in acquiring and managing an affiliate business entity of theelectronic money service. The program includes a first informationgiving and receiving step for giving information to and receivinginformation from a second information processing apparatus operated by asecond business entity which issues a first information processingapparatus in which electronic money information and authenticationinformation used for authentication processing for the electronic moneyservice are recorded. The program further includes a second informationgiving and receiving step for giving information to and receivinginformation from a third information processing apparatus managed by athird business entity. The third business entity provides a service thatuses the electronic money. A first recording step records authenticationinformation used for authentication processing for the electronic moneyservice, and a second recording step records information regarding thesecond business entity and information regarding a tie-up agreementbetween the first business entity and the second business entity. Athird recording step records information regarding the third businessentity and information regarding a tie-up agreement between the firstbusiness entity and the third business entity. The processing of thefirst information giving and receiving step outputs the authenticationinformation, which has been recorded by the processing of the firstrecording step, on the basis of the information regarding the tie-upagreement between the first business entity and the second businessentity that has been recorded by the processing of the second recordingstep. Similarly, the processing of the second information giving andreceiving step outputs the authentication information, which has beenrecorded by the processing of the first recording step, on the basis ofthe information regarding the tie-up agreement between the firstbusiness entity and the third business entity that has been recorded bythe processing of the third recording step.

[0020] According to still another aspect of the present invention, asystem is provided for providing an electronic money service. The systemincludes a first information processing apparatus managed by a firstbusiness entity which manages an electronic money brand in an electronicmoney service and is engaged in acquiring and managing an affiliatebusiness entity of the electronic money service. The system furtherincludes a second information processing apparatus in which electronicmoney information and authentication information used for authenticationprocessing for the electronic money service are recorded. A thirdinformation processing apparatus is also provided. The third informationprocessing apparatus is managed by a second business entity issuing thesecond information processing apparatus. A fourth information processingapparatus is managed by a third business entity providing a service thatuses the electronic money. The system is configured such that the firstinformation processing apparatus includes a first information giver andreceiver for giving information to and receiving information from thethird information processing apparatus managed by the second businessentity. A second information giver and receiver is provided for givinginformation to and receiving information from the fourth informationprocessing apparatus managed by the third business entity. A firstrecorder records authentication information employed for authenticationprocessing related to the electronic money service, and a secondrecorder records information regarding the second business entity andinformation regarding a tie-up agreement between the first businessentity and the second business entity. A third recorder recordsinformation regarding the third business entity and informationregarding a tie-up agreement between the first business entity and thethird business entity. The first information giver and receiver outputsthe authentication information, which has been recorded by the firstrecorder, on the basis of the information regarding the tie-up agreementbetween the first business entity and the second business entity thathas been recorded by the second recorder. The second information givingand receiving means outputs the authentication information, which hasbeen recorded by the first recorder, on the basis of the informationregarding the tie-up agreement between the first business entity and thethird business entity that has been recorded by the third recorder. Thesecond information processing apparatus includes a fourth recorder forrecording the authentication information, which has been output to thethird information processing apparatus, by the first information giverand receiver. Finally, a fifth recorder records the electronic moneyinformation. The third information processing apparatus includes a thirdinformation giver and receiver for giving information to and receivinginformation from the first information processing apparatus. A sixthrecorder records the authentication information input by the thirdinformation giver and receiver. A seventh recorder records theinformation regarding the issuance of the second information processingapparatus, and a first authentication processor executes authenticationprocessing with the second information processing apparatus on the basisof the authentication information recorded by the sixth recorder. Thefourth information processing apparatus includes a fourth informationgiver and receiver for giving information to and receiving informationfrom the first information processing apparatus. An eighth recorderrecords the authentication information input by the fourth informationgiver and receiver, and a second authentication processor executesauthentication processing with the second information processingapparatus on the basis of the authentication information recorded by theeighth recorder.

[0021] The third information processing apparatus may further include aplurality of fifth information processing apparatuses for executing theprocessing for rewriting electronic money to information recorded by thefifth recorder of the second information processing apparatus, and afifth information giver and receiver for giving and receivinginformation. In this case, the first authentication processor executesauthentication processing on the basis of the authentication informationrecorded by the fourth recorder of the second information processingapparatus that has been input by the fifth information giver andreceiver.

[0022] The fourth information processing apparatus may further include aplurality of fifth information processing apparatuses for executing theprocessing for rewriting electronic money information recorded by thefifth recorder of the second information processing apparatus, and fifthinformation giver and receiver for giving and receiving information,wherein the second authentication processor executes authenticationprocessing on the basis of the authentication information recorded bythe fourth recorder of the second information processing apparatus thathas been input by the fifth information giver and receiver means.

[0023] The fourth information processing apparatus may further include afifth information giver and receiver for giving information to andreceiving information from the second information processing apparatus.The fourth information processing apparatus may also include a controlsignal generator for generating a control signal for rewritingelectronic money information recorded by the fifth recorder of thesecond information processing apparatus, wherein the secondauthentication processor executes authentication processing on the basisof the authentication information recorded by the fourth recorder of thesecond information processing apparatus that has been input by the fifthinformation giver and receiver.

[0024] The second information processing apparatus may further include aninth recorder for recording an application for implementing at leastone function among: a personal authentication card; an entering andleaving key; a commuter ticket; a point card; a membership card; a cashcard; a credit card; and a loan card.

[0025] In the embodiment of the invention, the second informationprocessing apparatus may be a contactless type IC card, a contact typeIC card, a portable telephone, a PDA, a personal computer, or atimepiece.

[0026] In the information processing system, the information processingmethod, and the program recorded in a recording medium in accordancewith the present invention, information is exchanged with a secondinformation processing apparatus managed by a second business entityissuing a first information processing apparatus in which electronicmoney information and the authentication information used forauthentication processing for an electronic money service are recorded.Information is also exchanged with a third information processingapparatus managed by a third business entity which provides a servicethat uses electronic money. Authentication information used forauthentication processing related to electronic money is recorded,information regarding the second business entity, and informationregarding a tie-up agreement between the first business entity and thesecond business entity are recorded. Information regarding the thirdbusiness entity and information regarding a tie-up agreement between thefirst business entity and the third business entity are also recorded.Authentication information is output on the basis of informationregarding the tie-up agreement between the first business entity and thesecond business entity, and authentication information is output on thebasis of the information regarding the tie-up agreement between thefirst business entity and the third business entity.

[0027] In the electronic money service providing system in accordancewith the present invention, information is exchanged with a thirdinformation processing apparatus managed by a second business entity.Information is exchanged with a fourth information processing apparatusmanaged by a third business entity, and authentication information usedfor authentication processing related to an electronic money service isrecorded. The information regarding the second business entity and theinformation regarding a tie-up agreement between the first businessentity and the second business entity are also recorded, as areinformation regarding a third business entity and information regardinga tie-up agreement between the first business entity and the thirdbusiness entity. Authentication information is output on the basis ofthe information regarding a tie-up agreement between the first businessentity and the second business entity, and authentication information isoutput on the basis of the information regarding a tie-up agreementbetween the first business entity and the third business entity in afirst information processing apparatus. Authentication information isrecorded and electronic money information is recorded in a secondinformation processing apparatus. Information is exchanged with thefirst information processing apparatus, input authentication informationis recorded, and the information regarding the issuance of the secondinformation processing apparatus is recorded. Authentication processingwith the second information processing apparatus is carried out on thebasis of the recorded authentication information in a third informationprocessing apparatus. Finally, information is exchanged with the firstinformation processing apparatus, input authentication information isrecorded, and authentication processing with the second informationprocessing apparatus is carried out on the basis of the recordedauthentication information in a fourth information processing apparatus.

[0028] Additional features and advantages of the present invention aredescribed in, and will be apparent from, the following DetailedDescription of the Invention and the figures.

BRIEF DESCRIPTION OF THE FIGURES

[0029]FIG. 1 is a diagram illustrating the configuration of anelectronic money service providing system to which the present inventionhas been applied;

[0030]FIG. 2 is a diagram illustrating the configuration of networkconnection in the electronic money service providing system, and alsoillustrating the issuance of keys by an acquirer/brand holder;

[0031]FIG. 3 is a diagram illustrating an IC card, a reader/writer, anda controller;

[0032]FIG. 4 is a block diagram showing the configuration of thereader/writer shown in FIG. 3;

[0033]FIG. 5 is a block diagram showing the configuration of the IC cardshown in FIG. 3;

[0034]FIG. 6 is a diagram illustrating a logic format of an EEPROM shownin FIG. 5;

[0035]FIG. 7 is a block diagram showing the configuration of thecontroller shown in FIG. 3;

[0036]FIG. 8 is a block diagram showing the configuration of a personalcomputer shown in FIG. 2;

[0037]FIG. 9 is a block diagram showing the configuration of theacquirer/brand holder;

[0038]FIG. 10 is a block diagram showing the configuration of an issuer;

[0039]FIG. 11 is a block diagram showing the configuration of anotherissuer;

[0040]FIG. 12 is a diagram illustrating the dispositions of keys forloading electronic money at a loading terminal unit or MMK;

[0041]FIG. 13 is a flowchart illustrating the processing of loadingelectronic money at a loading terminal unit or MMK;

[0042]FIG. 14 is a diagram illustrating the dispositions of keys forloading electronic money over the Internet;

[0043]FIG. 15 is a flowchart illustrating the processing of loadingelectronic money over the Internet;

[0044]FIG. 16 is a flowchart illustrating the processing carried outwhen an acquirer/brand holder acts as a proxy for loading electronicmoney over the Internet;

[0045]FIG. 17 is a diagram illustrating the dispositions of keys thatmake it possible to carry out the processing for the purchase of acommercial product or service by using an IC card at a store;

[0046]FIG. 18 is a flowchart illustrating the processing for thepurchase of a commercial product or service by using an IC card at astore;

[0047]FIG. 19 is another flowchart illustrating the processing for thepurchase of a product or service by using an IC card at a store;

[0048]FIG. 20 is a diagram illustrating the dispositions of keys thatmake it possible to carry out the processing for the purchase of aproduct or service by using an IC card at a cybershop; and

[0049]FIG. 21 is a flowchart illustrating the processing for thepurchase of a commercial product or service by using an IC card at acybershop.

DETAILED DESCRIPTION OF THE INVENTION

[0050] The following will describe the embodiments of the presentinvention with reference to the accompanying drawings.

[0051]FIG. 1 shows the configuration of an electronic money system towhich the present invention has been applied. An acquirer/brand holder 1acting as an operating main unit runs the operation of a service relatedto electronic money of its own brand (hereinafter referred to as “theservice”). The acquirer/brand holder 1 manages all keys required for anissuer 2 and a merchant 4 having a tie-up for the service to carry out avariety of types of processing related to the electronic money of thebrand run and managed by the acquirer/brand holder 1, and issues thekeys to the issuer 2 or the merchant 4, as necessary. Acquiring themerchant 4 participating in the service is one of the duties of theacquirer/brand holder 1.

[0052] The keys issued from the acquirer/brand holder 1 are secret keys,and conform to, for example, data encryption standard (DES) or the like.The DES is an encrypting system for encrypting and decrypting data bydelimiting the data by every 64 bits. According to a DES algorithm,encryption and decryption are symmetrical, and a received encrypted textcan be converted again using the same key to restore originalinformation.

[0053] According to the DES, simple bit position transposition and XORoperation combinational logic is repeated sixteen times. Internally,there is no data feedback or conditional decisions, and processing issequential. Hence, fast processing can be accomplished by pipelineprocessing. The DES is an algorithm originally designed for an LSI, andnumerous DES chips are available.

[0054] The issuer 2 is, for example, a bank, a credit card company, arailroad company, or other business entity. The issuer 2 that has atie-up with the acquirer/brand holder 1 may incorporate the functions,which are related with the electronic money of a brand managed and runby the acquirer/brand holder 1, in an IC card or the like issued by theissuer 2 according to the tie-up agreement thereof, and may alsoincorporate a key issued by the acquirer/brand holder 1.

[0055] The hardware issued by the issuer 2 is not limited to an IC card.As the hardware, diverse information processing devices, e.g., portabletelephones, personal digital (data) assistants (PDA's), personalcomputers, or timepieces, may be used as long as they have the functionsfor implementing various types of processing for the electronic money ofthe brand managed and run by the acquirer/brand holder 1 and are capableof securely holding keys. In this case, the descriptions will be givenon an assumption that the hardware issued by the issuer 2 is an IC card.

[0056] The IC card issued by the issuer 2 may carry a function otherthan the one for electronic money. For example, the IC card may alsocarry a function of, for example, a personal authentication exemplifiedby an employee ID, an entering and leaving card (electronic key) for abuilding or room, a commuter ticket, a point card, a membership card, acash card, a credit card, or a loan card. In other words, theapplication software for implementing these functions can be recorded inthe IC card.

[0057] A user 3, that is, the owner of the IC card, may record thevalue, i.e., electronic money, issued by the issuer 2 in the IC cardissued by the issuer 2. The cost corresponding to the electronic moneycan be settled by cash, a credit card, withdrawal from the deposit of abank account, etc. The user 3 can enjoy consumption activities, such aspurchasing goods or using a service by using the electronic moneyrecorded in the IC card at the merchant 4 participating in the service.

[0058] By entering into a partnership with the acquirer/brand holder 1,the merchant 4 receives the keys required for the authenticationprocessing to exchange various types of information with IC cards, andprovides a variety of services to the user 3 according to a tie-upagreement.

[0059] The merchant 4 sends a bill for goods or service obtained by theuser 3 by using the IC card to the acquirer/brand holder 1. Theacquirer/brand holder 1 invoices the issuer 2. If electronic money forthe IC card owned by the user 3 is issued in exchange of the receipt ofcash, then the issuer 2 will already have obtained the money for theelectronic money issued. On the other hand, if the electronic moneyissued is paid by a credit card or the withdrawal from the deposit of abank account, etc., then the issuer 2 sends an invoice covering the costfor the issued electronic money to a financial institution 5, such as abank or a credit company. The financial institution 5 invoices the user3, who has received the issued electronic money, for the charge of theelectronic money according to the same invoicing method as aconventional invoicing method used for the user 3 that employs a paymentmethod, such as a credit card or the withdrawal from the deposit of abank account.

[0060] Referring to FIG. 2, the descriptions will now be given of theconfiguration of the network connections among the acquirer/brand holder1, the issuer 2, various terminal units installed at the merchant 4 thathas participated in the service, a cybershop that is opened on theInternet and has a tie-up for the service, and a personal computer ownedby the user 3. The issuance of the keys by the acquirer/brand holder 1will also be described.

[0061] The acquirer/brand holder 1 issues predetermined keys to issuers2-1 and 2-2 in partnership therewith according to a tie-up agreement.The issuer 2-1 does not directly provide a service to the user 3 over anInternet 11, while the issuer 2-2 does. The issuer 2-1 issues an IC card12-1, which holds a key issued by the acquirer/brand holder 1 therein,to the user 3. The issuer 2-1 also manages a loading terminal unit 13-1for loading electronic money into the IC card 12-1. Similarly, theissuer 2-2 issues an IC card 12-2, which holds a key issued by theacquirer/brand holder 1 therein, to the user 3, and also manages aloading terminal unit 13-2 for loading electronic money into the IC card12-2.

[0062] In this case, the descriptions have been given on an assumptionthat the two issuers, namely, the issuer 2-1 and the issuer 2-2, are inpartnership with the acquirer/brand holder 1. The fact, however, is thata plurality of issuers that do not provide the user 3 with a serviceover the Internet 11 and a plurality of issuers that provide the user 3with a service over the Internet 11 have tie-ups with the acquirer/brandholder 1, and individually receive issued keys according to a tie-upagreement and issue IC cards, which hold the keys therein, to the users3. In the description given below, unless it is necessary todiscriminate the issuers 2-1 and 2-2, the issuers will be genericallyreferred to simply as “the issuer 2”. Unless it is necessary todiscriminate the IC cards 12-1 and 12-2, the IC cards will begenerically referred to simply as “the IC card 12”. Similarly, unlessthe loading terminal units 13-1 and 13-2 must be discriminated, theywill be generically referred to simply as “the loading terminal unit13”.

[0063] The acquirer/brand holder 1 issues a key according to a tie-upagreement so as to enable the user 3 to use the IC card 12 at themerchant 4 having a tie-up on a service, that is, to enable the exchangeof information between the IC card 12 and the terminal unit installed atthe merchant 4. The methods whereby the acquirer/brand holder 1 issueskeys to the merchant 4 are roughly classified into three types.

[0064] For example, when a corporation having a plurality of merchants4, typically represented by chain store merchants, obtains a tie-up forthe service, the acquirer/brand holder 1 issues and distributes keys toa point-of-sale (POS) center 17 that has control over the merchants. Anaffiliate merchant terminal unit 18 installed at each merchant 4 that ismanaged by the POS center 17 (only one affiliate merchant terminal unit18 is shown in FIG. 2; in reality, however, the affiliate merchantterminal units 18 are installed at a plurality of merchants 4) isconnected with the POS center 17 by using, for example, a dedicatedline. Thus, when the user 3 uses the electronic money for the service inthe affiliate merchant terminal unit 18, the affiliate merchant terminalunit 18 connects to the POS center 17 thereby to carry outauthentication processing with the IC card 12.

[0065] If the affiliate merchant terminal unit 18 employs an advancedtamperproof technology (a technology for physically and logicallypreventing an internal analysis or falsification of a semiconductor chipor the like), then the keys distributed to the POS center 17 may bestored in the individual affiliate merchant terminal units 18 so as toimplement authentication processing between the affiliate merchantterminal units 18 and the IC card 12.

[0066] Although FIG. 2 shows only one POS center 17, it is needless tosay that a plurality of POS centers 17 may receive keys issued from theacquirer/brand holder 1 according to a tie-up agreement and carry outthe authentication processing between the affiliate merchant terminalunits 18 managed by the POS centers 17 and the IC cards 12.

[0067] For instance, when the service is provided at a multi-media KIOSK(MMK) 20 installed at a convenience store or a station, theacquirer/brand holder 1 issues and distributes keys to an MMK center 19that has control over the MMK 20 installed at each merchant 4.

[0068] The MMK 20, which is a type of multi-media terminal, is amultifunctional terminal that combines an automatic teller machine (ATM)and a terminal having such functions as proxy payment of public utilitycharges and electronic commerce (EC). The MMK 20 is connected with theMMK center 19 by using, for example, a dedicated line. While FIG. 2shows only one MMK 20, the MMK's 20 are actually installed at aplurality of merchants 4. When the user 3 uses the electronic money forthe service at the MMK 20, the MMK 20 connects to the MMK center 19 soas to perform authentication processing with the IC card 12.Alternatively, as in the case with the affiliate merchant terminal unit18, if the MMK 20 employs an advanced tamperproof technology, then keysmay be stored at the individual MMK's 20 to perform the authenticationprocessing between the MMK's 20 and the IC card 12.

[0069] If the MMK 20 has a function for providing the service of loadingelectronic money into the IC card 12, then the MMK center 19 isconnected to an associated issuer 2 so as to permit the exchange ofinformation regarding the accounting generated from the electronic moneyloading service.

[0070] Although FIG. 2 shows only one MMK center 19, it is obvious thata plurality of MMK centers 19 may receive keys issued from theacquirer/brand holder 1 according to a tie-up agreement thereby toperform the authentication processing between the MMK 20, which ismanaged by the MMK centers 19, and the IC card 12.

[0071] If independent merchants 4 having no central organizationcontrolling them independently enter into partnership for the service,then the acquirer/brand holder 1 issues and distributes keys toaffiliate merchant terminal units 21 installed at the respectivemerchants 4. The affiliate merchant terminal units 21 store the keys toimplement the authentication processing between the affiliate merchantterminal units 21 and the IC card 12.

[0072] Alternatively, the acquirer/brand holder 1 may beonline-connected with the affiliate merchant terminal units 21 so as torecord keys in the acquirer/brand holder 1 rather than distributing thekeys to the affiliate merchant terminal units 21. The affiliate merchantterminal units 21 transmit authentication information to theacquirer/brand holder 1 to request the execution of authenticationprocessing before starting various types of processing with the IC card12. This may generate cost for the processing of each transaction, butobviate the need for introducing an advanced tamper-proof technologyinto the affiliate merchant terminal units 21.

[0073] Although FIG. 2 shows only one affiliate merchant terminal unit21, it is obvious that a plurality of affiliate merchant terminal units21 may receive keys issued from the acquirer/brand holder 1 according toa tie-up agreement thereby to carry out the authentication processingwith the IC card 12.

[0074] The user 3 may use a reader/writer 15 connected to a personalcomputer 14 to exchange information with the IC card 12. This enablesthe user 3 to connect to, for example, the issuer 2-2 over the Internet11 thereby to load electronic money or purchase goods at a cybershop 16opened on the Internet 11 without going to the merchant 4. The cybershop16 is connected to the Internet 11 and introduces its goods or servicesor exhibits web content for sale on the Internet 11. The personalcomputer 14, the reader/writer 15, and the cybershop 16 can exchangeinformation with the IC card 12 over the Internet 11, thereby providinga variety of services to the user 3.

[0075] The cybershop 16 accepts the issuance of keys according to atie-up agreement with the acquirer/brand holder 1, but does not acceptthe supply of the issued keys. The acquirer/brand holder 1 saves thekeys issued to the cybershop 16 and implements the authenticationprocessing with a predetermined IC card 12 upon request from thecybershop 16. In other words, the system is adapted not to supply keysover the Internet 11.

[0076]FIG. 2 shows only one each of cybershop 16, the personal computer14, and the reader/writer 15, and the descriptions have been giventhereof. Obviously, however, an alternative arrangement may be made sothat a plurality of cybershops 16 accept the issuance of keys from theacquirer/brand holder 1 and receive the input of the authenticationinformation from the IC card 12 through the intermediary of thereader/writer 15, the personal computer 14, and the Internet 11according to a tie-up agreement thereof, and send a request forauthentication processing to the acquirer/brand holder 1 thereby toprovide diverse services to the user 3.

[0077] Preferably, the information, including the keys, described inconjunction with FIG. 2 is exchanged by communication through adedicated line as much as possible, attaching importance to security.If, however, a wide area network, such as the Internet 11, is inevitablyused in some connection, then the information transferred is encryptedusing, for example, a secure sockets layer (SSL).

[0078] For especially important information, such as authenticationinformation, including keys, and the information regarding the balanceof the electronic money of the IC card 12, the system's own encryptingand decrypting rules may be established to exchange informationaccording to the rules. In the communication of the information, if itis unavoidable to use a wide area network such as the Internet 11, thenthe information to be exchanged may be encrypted according to thesystem's own rules and further encrypted according to the SSL.

[0079] The keys supplied from the acquirer/brand holder 1 may be savedin, for example, a magnetic disk (including a floppy disk), an opticaldisk (including a CD-ROM (Compact Disk-Read Only Memory)) and a DVD(Digital Versatile Disk)), a magneto-optical disk (including a MD(Mini-Disk), or a removable medium, such as a semiconductor memory, anddistributed to the issuer 2, the POS center 17, the MMK center 18, orthe affiliate merchant terminal unit 21.

[0080] By constructing such a system, the merchant 4, a corporationhaving many merchants 4 (e.g., a convenience store), or a corporationthat operates in the form of the MMK 20 or the cybershop 16 on theInternet 11 rather than having the merchant 4 as an actual outlet store,can select services that are in line with its businesses and providethem to the user 3 through the system. The system also enables the user3 to select the issuer 2 that issues the IC card 12 having a tie-up onthe service that the user 3 wishes to use, and receive the IC card 12issued.

[0081] Furthermore, although the system features such a high degree offlexibility, the management of the brands of electronic money and thekeys used for authentication processing is centralized. It is possible,therefore, to control the management and running cost of the entiresystem and to realize secure exchange of information.

[0082] As described in conjunction with FIG. 2, the keys based on tie-upagreements are issued and supplied from the acquirer/brand holder 1 tothe issuer 2, the POS center 17, the MMK center 18, and the affiliatemerchant terminal units 21 that have tie-ups for the service. Theloading terminal unit 13, the affiliate merchant terminal units 18 and21, and the MMK 20 individually include a reader/writer and a controllerfor controlling the reader/writer, and are adapted to performcommunication with the IC card 12 in a contactless mode or an electricalcontact mode. In this case, it is assumed that the IC card 12 and thereader/writer carry out contactless communication, and the loadingterminal unit 13, the affiliate merchant terminal units 18 and 21, andthe MMK 20 individually include a reader/writer 31 and a controller 32shown in FIG. 3.

[0083] In a contactless card system shown in FIG. 3, data is transferredbetween the reader/writer 31 and the IC card 12 in the contactless modeby using electromagnetic waves. More specifically, the reader/writer 31transmits a predetermined command to the IC card 12, and the IC card 12receives the command and carries out the processing based on thecommand. The IC card 12 then transmits response data based on the resultof the processing to the reader/writer 31.

[0084] The reader/writer 31 is connected to the controller 32 throughthe intermediary of a predetermined interface (e.g. an interfaceconforming to the RS-485A standard, etc.). The controller 32 supplies apredetermined control signal to the reader/writer 31 thereby to causethe reader/writer 31 to perform predetermined processing.

[0085]FIG. 4 is a block diagram showing the configuration of thereader/writer 31. The reader/writer 15 shown in FIG. 2 basically sharesthe configuration similar to that of the reader/writer 31 shown in FIG.4; therefore, the description thereof will be omitted.

[0086] An IC 41 is constructed to provide a data processing unit (DPU)51 for processing data, a signal processing unit (SPU) 52 for processingthe data to be transmitted to the IC card 12 and the data received fromthe IC card 12, a serial communication controller (SCC) 53 forperforming communication with the controller 32, and a memory 54 havinga read only memory (ROM) 61 for storing beforehand information necessaryfor processing data and a random access memory (RAM) 62 for temporarilystoring data under processing. The components from the DPU 51 throughthe memory 54 are interconnected through a bus 55.

[0087] A flash memory 42 for storing predetermined data, including, forexample, the data necessary for authentication (e.g. the keys or thelike supplied from the acquirer/brand holder 1), and a drive 47 are alsoconnected to the bus 55. The drive 47 is equipped with a magnetic disk65, an optical disk 66, a magneto-optical disk 67, and a semiconductormemory 68, as necessary, to exchange data.

[0088] An antenna 46 monitors a load by radiating predeterminedelectromagnetic waves to detect whether the IC card 12 has been set, andexchanges data with the set IC card 12. The exchange of data with the ICcard 12 will be discussed in detailed hereinafter.

[0089] A demodulating circuit 44 demodulates the modulated waves,namely, amplitude shift keying (ASK) modulated waves, received throughthe antenna 46, and outputs the demodulated data to the SPU 52.

[0090] The SPU 52 receives response data, which has been transmittedfrom the IC card 12, through the demodulating circuit 44, and implementspredetermined processing, such as binary phase shift keying (BPSK)modulation (e.g., coding into Manchester codes) on the data. Similarly,the SPU 52 also carries out predetermined processing on a command to betransmitted to the IC card 12, then outputs the result to a modulatingcircuit 43.

[0091] A DPU 51 receives the response data from the IC card 12 throughthe intermediary of the SPU 52 and the bus 55, or a control signal inputfrom the controller 32 through the intermediary of the SCC 53 and thebus 55, performs the processing based on the received response data orcontrol signal. The DPU 51 outputs a command, which is to be transmittedto the IC card 12, to the SPU 52 through the intermediary of the bus 55,or outputs the data, which is to be supplied to the controller 32, tothe SCC 53 through the intermediary of the bus 55.

[0092] The modulating circuit 43 performs the ASK modulation on carrierwaves of a predetermined frequency (e.g., 13.56 MHz) supplied from theoscillator (OSC) 45 on the basis of the data supplied from the SPU 52,and outputs the generated modulated waves, as electromagnetic waves, tothe IC card 12 through the antenna 46. At this time, the modulatingcircuit 43 performs the ASK modulation with a modulation degree below 1,thereby preventing the maximum amplitude of modulated waves frombecoming zero even if data is of a low level.

[0093] The SCC 53 supplies the data received from the controller 32 tothe DPU 51 through the intermediary of the bus 55, or outputs the datareceived from the DPU 51 through the intermediary of the bus 55 to thecontroller 32.

[0094]FIG. 5 is a block diagram showing the configuration of the IC card12 shown in FIG. 1.

[0095] An IC 71 of the IC card 12 receives, through the antenna 73,modulated waves transmitted from the reader/writer 31 or thereader/writer 15. A capacitor 72 constitutes an LC circuit together withthe antenna 73, and tunes to or resonates with electromagnetic waves ofa predetermined frequency (carrier frequency).

[0096] An interface 81 of the IC 71 detects and demodulates themodulated waves or ASK-modulated waves received via the antenna 73, andoutputs the demodulated data to a BPSK demodulator 82 and a phase lockedloop (PLL) 83. The interface 81 also stabilizes, by using a voltageregulator 92, the signals detected by an ASK demodulator 91, andsupplies the stabilized signals as DC power to individual circuits.Furthermore, the interface 81 produces signals of the same frequency asthe clock frequency of data by using an oscillating circuit 93, andoutputs the produced signals to the PLL 83.

[0097] To transmit data from the IC card 12 to the reader/writer 31, anASK modulator 94 of the interface 81 turns ON/OFF, for example, apredetermined switching device on the basis of the data supplied from anoperation part 84 through the intermediary of a BPSK modulator 88, andconnects a predetermined load in parallel to the antenna 73 only whenthe switching device is ON so as to vary the load on the antenna 73acting as a power source of the IC card 12. In response to a change inthe load on the antenna 73, the ASK modulator 94 carries out the ASKmodulation on the modulated waves received through the antenna 73. Whenthe reader/writer 31 receives data from the IC card 12, i.e., when theIC card 12 transmits data, the maximum amplitude of the output modulatedwaves is maintained at a fixed level, and the modulated waves aresubjected to the ASK modulation at a change in the load on the antenna73. The modulated components are transmitted to the reader/writer 31 viathe antenna 73. In other words, a terminal voltage of the antenna 46 ofthe reader/writer 31 is changed.

[0098] From the data supplied from the ASK demodulator 91, the PLL 83generates a clock signal synchronized to the data, and outputs the clocksignal to the BPSK demodulator 82 and the BPSK demodulator 88. If thedata demodulated by the ASK demodulator 91 is BPSK-modulated, then theBPSK demodulator 82 performs demodulation (decoding of Manchester codes)on the data on the basis of the clock signal supplied from the PLL 83,and outputs the demodulated data to the operation part 84.

[0099] If the data supplied from the BPSK demodulator 82 has beenencoded, then the operation part 84 decodes the data by theencoder/decoder 96, then processes the data by a sequencer 95. If thedata has not been encoded, then the data supplied from the BPSKdemodulator 82 is directly supplied to the sequencer 95 without theintermediary of the encoder/decoder 96.

[0100] The sequencer 95 implements various types of processing on thebasis of received commands. More specifically, the sequencer 95, forexample, writes/reads data to/from an electrically erasable andprogrammable read only memory (EEPROM) 86, and carries out othernecessary operational processing on data. Furthermore, the sequencer 95controls the access to the EEPROM 86 by carrying out authentication, andconducts control over the EEPROM 86.

[0101] A parity operator 97 of the operation part 84 calculates, forexample, a Reed-Solomon code, as a parity from the data to be stored inthe EEPROM 86 or the data stored in the EEPROM 86. After implementingpredetermined processing by the sequencer 95, the operation part 84outputs response data based on the processing, that is, the data to betransmitted to the reader/writer 31, to the BPSK modulator 88. The BPSKmodulator 88 performs BPSK modulation on the data supplied from theoperation part 84, and outputs the modulated data to the ASK modulator94 of the interface 81.

[0102] A ROM 85 stores programs for the sequencer 95 to implementprocessing and the data necessary for running the programs. A RAM 87temporarily stores data or the like while the sequencer 95 is performingprocessing. The EEPROM 86 is a nonvolatile memory, and continues tostore data after the IC card 12 finishes communication with thereader/writer 31 and the power supply is interrupted.

[0103] The processing for the transfer of data between the reader/writer31 and the IC card 12 will now be described.

[0104] The reader/writer 31 described in conjunction with FIG. 4monitors the load on the antenna 46 in a state where predeterminedelectromagnetic waves are radiated from the antenna 46, and stands byuntil it detects a change in the load caused by the approach of the ICcard 12. As an alternative, the reader/writer 31 may perform processing(polling) wherein a predetermined short pattern of data in anASK-modulated electromagnetic wave is radiated thereby to repeatedlyissue a call to the IC card 12 until it receives a response from the ICcard 12 within a predetermined time.

[0105] When the reader/writer 31 detects the approach of the IC card 12,the SPU 52 of the reader/writer 31 carries out the BPSK modulation onthe data to be transmitted to the IC card 12 (e.g., a command for theprocessing to be performed by the IC card 12, and the data to be writtento the IC card 12), using a rectangular wave of a predeterminedfrequency (e.g., a frequency that is twice the clock frequency of data)as a carrier wave. The generated modulated wave (a BPSK-modulatedsignal) is output to the modulating circuit 43.

[0106] During the BPSK modulation, it is possible to accommodate data tophase changes of modulated waves by utilizing differential conversion.In this case, even if a BPSK-modulated signal is inverted, demodulationto original data is possible, thus obviating the need for theconsideration of the polarity of modulated waves.

[0107] The modulating circuit 43 carries out the ASK modulation on thereceived BPSK-modulated signal at a modulation degree (=max. amplitudeof data signal / max. amplitude of carrier wave) below 1(e.g., 0.1). Thegenerated modulated wave, which is an ASK-modulated wave, is transmittedto the IC card 12 through the antenna 46.

[0108] When no transmission is performed, the modulating circuit 43 isadapted to generate modulated waves at, for example, high level betweentwo levels, namely, high level and low level, of digital signals.

[0109] In the IC card 12 described in conjunction with FIG. 5, the LCcircuit constructed by the antenna 73 and the capacitor 72 converts apart of the electromagnetic wave radiated by the antenna 46 of thereader/writer 31 into an electrical signal. The electrical signal(modulated wave) is output to the interface 81 of the IC 71. The ASKdemodulator 91 of the interface 81 rectifies and smoothes the modulatedwave to perform envelope detection, and supplies the signal generatedthereby to the voltage regulator 92. The ASK demodulator 91 alsosuppresses the DC component of the signal to extract a data signal, andoutputs the data signal to the BPSK demodulator 82 and the PLL 83.

[0110] At this time, a terminal voltage V0 of the antenna 73 isrepresented by, for example, expression (1) shown below:

V0=V10 (1+k×Vs(t)) cos ((t)  (1)

[0111] where V10 cos ((t) denotes a carrier wave, k denotes a modulationdegree, and Vs(t) denotes the data output by the SPU 52.

[0112] A low-level value VLR at a voltage V1 after the rectification bythe ASK demodulator 91 is represented by, for example, expression (2)shown below:

VLR=V10 (1+k×(−1))−Vf  (2)

[0113] where Vf denotes a voltage drop in a diode (not shown)constituting a rectifying circuit for rectifying and smoothing in theASK demodulator 91, and is typically about 0.7 volts.

[0114] Upon receipt of the signal that has been rectified and smoothedby the ASK demodulator 91, the voltage regulator 92 stabilizes thesignal and supplies it as a DC power source to individual circuits,including the operation part 84. In this case, as mentioned above, sincethe modulation degree k of the modulated wave is below 1, thefluctuation in voltage, i.e., the difference between the high level andthe low level, after rectification is small. Hence, a DC power sourcecan be easily generated in the voltage regulator 92.

[0115] If, for example, a modulated wave having the modulation degree kof 5% is received so that V10 is 3 volts or more, then the low-levelvoltage VLR after rectification will be 2.15 (=3×(1−0.05)−0.7) volts ormore, and the voltage regulator 92 will be able to supply a voltage thatis sufficient as a power source to the circuits. Furthermore, in thiscase, an amplitude 2×k×V10 (peak-to-peak value) of the AC component(data component) of the voltage V1 after rectification will be 0.3(=2×0.05×3) volts or more, allowing the ASK demodulator 91 to demodulatethe data at a sufficiently high S/N ratio.

[0116] Thus, utilizing the ASK-modulated waves having the modulationdegree k below 1 accomplishes communication with a lower error rate,i.e., a higher S/N ratio, and also supplies a DC voltage, which isadequate as a power source, to the IC card 12.

[0117] Upon receipt of data (BPSK-modulated signal) from the ASKdemodulator 91, the BPSK demodulator 82 demodulates the data accordingto the clock signal supplied from the PLL 83, and outputs thedemodulated data to the operation part 84.

[0118] If the data supplied from the BPSK demodulator 82 has beenencoded, then the operation part 84 decodes it by using theencoder/decoder 96, and supplies the data to the sequencer 95 forfurther processing. During that time, i.e., from the moment the data istransmitted to the IC card 12 to the moment a response thereto isreceived, the reader/writer 31 stands by after the data having a valueof 1 is transmitted. Accordingly, during that time, the IC card 12receives modulated waves having a fixed maximum amplitude.

[0119] Upon completion of processing, the sequencer 95 outputs responsedata mainly relating to a result of the processing (the data to betransmitted to the reader/writer 31) to the BPSK modulator 88. The BPSKmodulator 88 carries out the BPSK modulation (coding into Manchestercodes) on the received data, then outputs the modulated data to the ASKmodulator 94 of the interface 81.

[0120] Subsequently, the ASK modulator 94 changes the load connected toboth ends of the antenna 73 according to the data from the BPSKmodulator 88 by using a switching device or the like thereby to performthe ASK modulation on the received modulated wave (the maximum amplitudeof the modulated wave output from the reader/writer 31 is fixed whendata is transmitted by the IC card 12, as mentioned above) according tothe data to be transmitted. Thus, a terminal voltage of the antenna 46of the reader/writer 31 is changed, and the data is sent to thereader/writer 31.

[0121] Meanwhile, the modulating circuit 43 of the reader/writer 31continues to transmit data having a value of 1 (high level) whilereceiving data from the IC card 12. In the demodulating circuit 44, thedata transmitted from the IC card 12 is detected from a very smallfluctuation (e.g., several tens of microvolts) in the terminal voltageof the antenna 46 electromagnetically connected to the antenna 73 of theIC card 12.

[0122] In the demodulating circuit 44, the detected signal (theASK-modulated wave) is amplified by a high-gain amplifier (not shown)and demodulated, then the resulting digital data is output to the SPU52. The SPU 52 demodulates the received data (the BPSK-modulated signal)and outputs the demodulated data to the DPU 51 through the bus 55. TheDPU 51 processes the data received from the SPU 52, and determineswhether the communication should be terminated or not according to theresult of the processing. If the DPU 51 determines that thecommunication should be performed again, then the communication betweenthe reader/writer 31 and the IC card 12 is performed in the same manneras described above. Conversely, if the DPU 51 determines that thecommunication is to be terminated, then the processing for thecommunication between the reader/writer 31 and the IC card 12 isterminated.

[0123] Thus, the reader/writer 31 utilizes the ASK modulation, whereinthe modulation degree k is below 1, to transmit data to the IC card 12,and the IC card 12 receives the data and implements the processingassociated with the data, then returns the data based on a result of theprocessing to the reader/writer 31.

[0124] Referring now to FIG. 6, the logical format of the EEPROM 86shown in FIG. 5 will be described.

[0125] The EEPROM 86 is constituted in units of blocks. For instance, inFIG. 6, one block includes 16 bytes.

[0126] In FIG. 6, logical addresses are given in an ascending order, thelogical address of the uppermost block being #0000h (“h” denoteshexadecimal). The logical addresses shown in FIG. 6 range from #0000h to#FFFFh, so that 65536 (=216) blocks are included.

[0127] Each block is used as a user block or a system block. The blocksof the EEPROM 86 are allotted to the user blocks in the ascending orderof the logical addresses, and to the system blocks in the descendingorder of the logical addresses. This means that, in FIG. 6, the number15 of the user blocks increases downward, whereas the number of thesystem blocks increases upward. When available blocks run out, then nomore user blocks or system blocks can be made. Thus, the boundarybetween the user blocks and the system blocks is not fixed, and there isno particular limit on the number of the user blocks or the number ofthe system blocks. In the case shown in FIG. 6, however, the totalnumber of the user blocks and the system blocks is limited to 65536 orless.

[0128] There are five types of the system blocks, namely, manufacture ID(identification) blocks, issuance ID blocks, system definition block,area definition blocks, and service definition blocks. In the case shownin FIG. 6, the blocks indicated as the area definition blocks or theservice definition blocks are indicated as area/service definitionblocks.

[0129] Of the system blocks, the three blocks, namely, the manufactureID blocks, the issued ID blocks, and the system definition blocks, willhave basically already been disposed when the IC card 12 is issued, andare located at logical addresses #FFFFh, #FFFEh, and #FFFDh,respectively. The area/service definition blocks are disposed in apreparing order at logical address #FFFCh and above.

[0130] The information regarding the manufacture of the IC card 12 isdisposed at the manufacture ID block. More specifically, the manufactureID block carries, for example, a unique manufacture ID, a date ofmanufacture, or a manufacturer code.

[0131] The information regarding the issuance of the IC card 12 isdisposed at the issued ID block. More specifically, the issued ID blockcarries, for example, the date when the IC card 12 was issued, and acode indicating the order of issuance of the IC cards 12, or a card ID.

[0132] The system definition block contains, for example, the number ofthe system blocks or user blocks that the EEPROM 86 has, or the keysdistributed to the issuer 2, that has issued the IC card 12, from theacquirer/brand holder 1. The keys are used for mutual authenticationamong the IC card 12, the reader/writer 31, and the controller 32, asmentioned above.

[0133] The area definition block is prepared by assigning it as astorage area for the storage area of the EEPROM 86 to implement avariety of services, including the present service, and mainly containsthe information for managing the storage area where they are disposed.More specifically, the area definition block contains, for example, acode range corresponding to the area for recording the informationregarding the service, and the available capacity of each storage area.

[0134] The service definition block primarily contains information formanaging a service area wherein applications for providing a variety ofservices to be discussed hereinafter are located, such informationincluding the capacity of the service area and the keys required forimplementing processing.

[0135]FIG. 7 is a block diagram showing the configuration of thecontroller 32.

[0136] A control unit 101 carries out various types of processing on thebasis of signals corresponding to diverse commands entered using aninput unit 103 through an internal bus 102. A memory 104 mainly storesprograms used by the control unit 101, the parameters for operations, orparameters that are changed as necessary in running programs. Thecontrol unit 101 and the memory 104 are mutually connected by theinternal bus 102.

[0137] The internal bus 102 is also connected to the input unit 103, adisplay unit 105, a drive 106, and a network interface 107. The inputunit 103 is constructed by, for example, a keyboard, a mouse, or a barcode reader, and is operated for entering diverse commands or data orthe like to the control unit 101. The display unit 105 is formed of, forexample, a cathode ray tube (CRT) or the like, and displays a variety oftypes of information in terms of texts or images or the like. A magneticdisk 111, an optical disk 112, a magneto-optical disk 113, and asemiconductor memory 114 are loaded, as necessary, onto the drive 106 toexchange data.

[0138] The network interface 107 is connected to the reader/writer 31through the intermediary of, for example, RS-485A, or connected to alocal area network (LAN) by using a predetermined interface cable or thelike, or a wide area network, such as the Internet 11, for example,through the intermediary of a telephone line (not shown).

[0139] As explained in conjunction with FIG. 2, the user 3 is able toenjoy the service using the IC card 12, without going to a store, byconnecting the reader/writer 15 to the personal computer 14. FIG. 8 is ablock diagram showing the configuration of the personal computer 14.

[0140] Through the intermediary of an input/output interface 122 and aninternal bus 123, a CPU 121 receives, for example, signals correspondingto diverse commands entered by the user 3 by using an input unit 124 andsignals entered through the intermediary of a network interface 125, andperforms various types of processing on the basis of the signals. A ROM126 stores a program, such as a web browser for browsing web contentsopened on the Internet 11, used by the CPU 121, and data basically fixedamong the parameters for operations. A RAM 127 stores a program used forexecution by the CPU 121 and parameters that are changed as necessary inthe execution. The CPU 121, the ROM 126, and the RAM 127 are mutuallyconnected by the internal bus 123.

[0141] The internal bus 123 is also connected to the input/outputinterface 122. The input unit 124 is constructed by, for example, akeyboard or a mouse, and is operated for entering diverse commands tothe CPU 121. A display unit 128 is formed of, for example, a CRT or thelike, and displays a variety of types of information in terms of textsor images or the like. A hard disk drive (HDD) 129 drives a hard disk tocause the programs used by the CPU 121 and data generated by processingimplemented according to the programs to be recorded or reproduced. Themagnetic disk 131, an optical disk 132, a magneto-optical disk 133, or asemiconductor memory 134 is loaded, as necessary, onto a drive 130 toexchange data. The network interface 125 is connected to the Internet 11through the intermediary of a telephone line or the like (not shown),and also connected to the reader/writer 15 by using a predeterminedconnection cable to exchange information.

[0142] The POS center 17 and the MMK center 19 described in conjunctionwith FIG. 2 basically share the same configuration as that of thepersonal computer 14 shown in FIG. 8; therefore the descriptions thereofwill be omitted.

[0143]FIG. 9 is a block diagram showing the configuration of theacquirer/brand holder 1. The internal configurations of a merchantmanagement server 141 through an issuer gateway (G/W) server 151 arebasically the same as the personal computer 14 described in conjunctionwith FIG. 8; hence, the description thereof will be omitted.

[0144] The merchant management server 141 manages a merchant managementdatabase (DB) 142 for recording the information regarding the issuer 2and the merchant 4 participating in the service. Recorded in themerchant management DB 142 are, for example, the names and addresses ofthe issuers 2 and the merchants 4 participating in the service or theaccount numbers of financial institutes used for settlement withassociated issuers 2 or the merchants 4, the details of the agreement onthe service, the key IDs for issued keys, etc.

[0145] A customer DB server 143 manages a customer DB 144 for recordingthe information regarding the user 3 using the service (i.e., the userof the service of an electronic money brand managed by theacquirer/brand holder 1). Recorded in the customer DB 144 are, forexample, the names and addresses of customers, the information regardingthe financial institutes that customers use for settlement, such as theaccount numbers of financial institutes or the card numbers of thecredit cards that associated customers have, and the card IDs of the ICcards 12 owned by customers.

[0146] A security server 145 manages a key management DB 146 forrecording the information regarding all keys used in the service and theinformation regarding the issuers 2 or the merchants 4 to which theindividual keys are issued or distributed. As necessary, the securityserver 145 searches for keys to be issued to new participant issuers 2or merchants 4, and output the keys to the issuer G/W server 151 or amerchant G/W server 149.

[0147] An accounting server 147 performs accounting on the basis ofaccounting information from affiliate merchants received from themerchant G/W server 149 or a web server 150, calculates a charge amountto the issuer 2, and outputs the calculated charge amount to the issuer2 through the intermediary of the issuer G/W server 151. The accountingmay be performed at a predetermined interval, e.g., one week or onemonth. The accounting server also performs the processing the service ofproxy loading of electronic money into the IC card 12 issued by theissuer 2-1, which will be discussed hereinafter in conjunction with FIG.14 and FIG. 16. The accounting server records the information regardingthe proxy loading in a proxy loading DB 148, and performs settlementwith the associated issuer 2-1 at a predetermined interval, e.g., oneweek or one month.

[0148] The merchant G/W server 149 is connected to the POS center 17,the MMK center 19, and the affiliate merchant terminal unit 21, whichhave been explained in conjunction with FIG. 2, to control the transferof information to and from the POS center 17, the MMK center 19, and theaffiliate merchant terminal unit 21. The merchant G/W server 149 outputsreceived data to an appropriate server among the merchant managementserver 141 through the accounting server 147. For example, if accountinginformation is received from the POS center 17, then the merchant G/Wserver 149 outputs the received data to the accounting server 147.

[0149] The web server 150 is connected to the Internet 11, controls theexchange of information with the cybershop 16 or the personal computer14, and outputs received data to an associated server among the merchantmanagement server 141 through the accounting server 147. For example, ifthe authentication information is received from the cybershop 16, thenthe web server 150 outputs the received data to the security server 145.

[0150] The issuer G/W server 151 is connected to the issuer 2 to controlthe transfer of information to and from the issuer 2, and outputsreceived data to an appropriate server among the merchant managementserver 141 through the accounting server 147. For example, if the issuerG/W server 151 receives a request from the issuer 2 for the issuance ofa key associated to a new service, then the issuer G/W server 151outputs the received data to the security server 145.

[0151]FIG. 10 is a block diagram showing the configuration of the issuer2-1.

[0152] A security server 161 manages a key management DB 162 for savingkeys issued from the acquirer/brand holder 1. When the IC card 12 isissued, the security server 161 finds and outputs a necessary key fromthe key management DB 162, and implements authentication processing byfinding an associated key from the key management DB 162 on the basis ofthe authentication information regarding the IC card 12 that is receivedfrom the loading terminal unit 13 connected to the merchant G/W server166, then outputs the authentication processing result to the merchantGIW server 166.

[0153] A user management server 163 manages a user DB 164 for recordinginformation regarding the users 3 using the IC cards 12 that have beenissued, and is connected mainly to a processing unit (not shown) forregistering users or issuing IC cards. The user management server 163receives, for example, the name and address of a customer, an accountnumber of a financial institute or the card number of a credit card thatthe associated customer has, the information of the financial instituteused by the customer for settlement, and the card ID of the IC card 12owned by the customer from the processing unit (not shown) forregistering users and issuing IC cards. The user management server 163records such information in the user DB 164, and supplies the keysoutput from the security server 161 to the processing unit forregistering users and issuing IC cards.

[0154] An acquirer/brand holder G/W server 165 is connected to theacquirer/brand holder 1 to control transfer of information, and outputsreceived data to an associated server among the security server 161through an accounting server 167. For example, if the acquirer/brandholder G/W server 165 receives a key associated with a new service andissued from the acquirer/brand holder 1, then the acquirer/brand holderG/W server 165 outputs the received key to the security server 161.

[0155] The merchant G/W server 166 is connected to the loading terminalunit 13 or the MMK center 19, which has been explained in conjunctionwith FIG. 2, to control transfer of information to and from the loadingterminal unit 13 or the MMK center 19, and outputs received data to anassociated server among the security server 161 through the accountingserver 167. For instance, if the merchant G/W server 166 receivesinformation regarding the loading of electronic money into the IC card12 from the loading terminal unit 13, then the merchant G/W server 166outputs the received data to the accounting server 167. If the merchantG/W server 166 receives authentication information regarding the IC card12 from the loading terminal unit 13, then merchant G/W server 166outputs the received data to the security server 161.

[0156] The accounting server 167 performs accounting related to theloading of electronic money into the IC card 12 on the basis of theaccounting information from the loading terminal unit 13 or the MMKcenter 19 that is entered from the merchant G/W server 166, and recordsthe accounting result in the loading DB 168.

[0157]FIG. 11 is a block diagram showing the configuration of the issuer2-2. The components corresponding to those of the issuer 2-1 shown inFIG. 10 are assigned the same reference numerals, and the descriptionsthereof will be omitted as appropriate (the same applies hereinafter).

[0158] A web server 171 is connected to the Internet 11, and controlsthe transfer of information. The web server 171 outputs received data toan appropriate server among the security server 161 through theaccounting server 167. For example, if the web server 171 receivesauthentication information regarding the IC card 12 from the personalcomputer 14, then the web server 171 outputs the received data to thesecurity server 161.

[0159] An accounting server 167 performs accounting related to theloading of electronic money into the IC card 12 in response to anelectronic money loading request from the personal computer 14 that isreceived from not only the merchant G/W server 166 but the web server171 also, and records the accounting result in the loading DB 168.

[0160] Referring now to FIG. 12 through FIG. 16, the loading ofelectronic money into the IC card 12 and the dispositions of keys forimplementing the loading of electronic money will be explained indetail.

[0161] Referring to FIG. 12, the descriptions will be given of thedispositions of keys that enable the user 3 to accomplish the loading ofelectronic money into the IC card 12 by using the loading terminal unit13 or the MMK 20 when the user 3 visits an actual store or the like.

[0162] It is assumed, for example, that the acquirer/brand holder 1 ownskeys A through C for authorizing the execution of writing of data (i.e.,the loading of electronic money) to the IC card 12. For example, the keyA allows the loading of electronic money by the cashing service of acredit company A, the key B allows the loading of electronic money bywithdrawal from an account of a bank B, and the key C allows the loadingof electronic money by a credit card C.

[0163] It is further assumed that the key A and the key B are requiredto permit the cashing service of the credit company A and the loading ofelectronic money by the withdrawal from the account of the bank B at theloading terminal unit 13 managed by a bank center 181 on the basis of acontract between an issuer 2-3 and the bank center 181. In such a case,the acquirer/brand holder 1 checks with the issuer 2-3 whether theassociated keys may be issued to the bank center 181, and issues anddistributes the key A and the key B to the bank center 181 afterobtaining a permission from the issuer 2-3.

[0164] The bank center 181 basically shares the same configuration asthat of the personal computer 14 that has been explained in conjunctionwith FIG. 8; therefore, the descriptions thereof will be omitted.

[0165] Similarly, it is assumed that the key A and the key C arerequired to permit the cashing service of the credit company A and theloading of electronic money by the credit card C at an MMK 20 managed bythe MMK center 19 on the basis of a contract between an issuer 2-4 andthe MMK center 19. In such a case, the acquirer/brand holder 1 checkswith the issuer 2-4 whether the associated keys may be issued to the MMKcenter 19, and issues and distributes the key A and the key C to the MMKcenter 19 after obtaining a permission from the issuer 2-4.

[0166] More specifically, if the key A and the key B have been recordedin the IC card 12 issued by the issuer 2-3, the user 3 of the IC card 12can perform the loading of electronic money by the cashing service ofthe credit company A at the MMK 20, while the user 3 cannot perform theloading of electronic money by withdrawal from an account of the bank B.Similarly, if the key A and the key C have been recorded in the IC card12 issued by the issuer 2-4, the user 3 of the IC card 12 can performthe loading of electronic money by the cashing service of the creditcompany A at the loading terminal unit 13 managed by the bank center181, while the user 3 cannot perform the loading of electronic money bythe credit card C.

[0167] The settlement method for commission charges or the like involvedin such electronic money loading is similar to a conventional settlementprocessing. For instance, the settlement method may be individuallyestablished on the basis of the partnership agreement between theacquirer/brand holder 1 and the issuer 2-3, between the acquirer/brandholder 1 and the issuer 2-4, between the issuer 2-3 and the bank center181, and between the issuer 2-4 and the MMK center 19. Alternatively, asupervisor of the service, namely, the supervisor of the acquirer/brandholder 1, may manage the settlement by the processing implemented by theaccounting server 147 of the acquirer/brand holder 1.

[0168]FIG. 12 illustrates that the single loading terminal unit 13 isconnected to the bank center 181, and the single MMK 20 is connected tothe MMK center 19. However, a plurality of loading terminal units 13 andMMK's 20 can be connected to the bank center 181 and the MMK center 19.It is needless to say that a plurality of the bank centers 181 and theMMK centers 19 may participate in the service.

[0169] Referring to the flowchart shown in FIG. 13, the descriptionswill be given of the loading of electronic money into the IC card 12 byusing the loading terminal unit 13 or the MMK 20. In this case, thedescriptions will be given of the loading of electronic money into theIC card 12 by using the loading terminal unit 13. Basically, the sameprocessing will be implemented also in a case where the loading ofelectronic money into the IC card 12 is performed by using the MMK 20.

[0170] In step S1, the antenna 46 of the reader/writer 31 of the loadingterminal unit 13 monitors the load thereof by radiating a predeterminedelectromagnetic wave to detect the IC card 12. The DPU 51 generates asignal indicating that the IC card 12 has been detected, and outputs thesignal to the controller 32 through the bus 55 and the SCC 53.

[0171] In step S2, the control unit 101 of the controller 32 receivesthe signal which indicates that the IC card 12 has been detected andwhich has been transmitted from the reader/writer 31 through theintermediary of the network interface 107 and the internal bus 102. Thecontrol unit 101 then outputs, through the internal bus 102, the dataassociated with a menu screen that includes a message or the like forprompting the user 3 to perform the next operation to the display unit105 so as to cause the display unit 105 to display the menu screen.

[0172] In step S3, the control unit 101 of the controller 32 receives,through the internal bus 102, a command (e.g., a command instructing theloading of electronic money worth 5000 yen) entered by the user 3through the input unit 103, and outputs the command to the reader/writer31 through the intermediary of the internal bus 102 and the networkinterface 107. The reader/writer 31 implements predetermined processingto transmit the received command to the IC card 12.

[0173] In step S4, the antenna 73 of the IC card 12 receives a modulatedwave from the reader/writer 31, and the interface 81, the BPSKdemodulator 82, and the operation part 84 perform predeterminedprocessing. Then, authentication information that includes a keyassociated with the received command is read from the EEPROM 86. Theread authentication information is subjected to predetermined processingin the operation part 84, the BPSK modulator 88, and the interface 81,then sent out to the reader/writer 31 through the antenna 73.

[0174] In step S5, the antenna 46 of the reader/writer 31 receives theauthentication information transmitted from the IC card 12, and outputsthe authentication information to the demodulating circuit 44. Theauthentication information that has been demodulated in the demodulatingcircuit 44 is subjected to predetermined processing, such as the BPSKmodulation, in the SPU 52, then supplied to the DPU 51. The DPU 51generates a signal requesting for authentication processing, and outputsthe generated signal together with the received authenticationinformation and the command indicating the instruction given by the user3 that has been entered in step S3 to the controller 32 through theintermediary of the bus 55 and the SCC 53. The control unit 101 of thecontroller 32 receives the signal requesting for authenticationprocessing, the command indicating the instruction of the user 3, andthe authentication information through the intermediary of the networkinterface 107 and the internal bus 102, then transmits them to theassociated bank center 181 through the intermediary of the internal bus102 and the network interface 107.

[0175] In step S6, the CPU 121 of the bank center 181 (FIG. 8 shows theconfiguration of not only the personal computer 14 but also theconfiguration of the POS center 17, the MMK center 19, or the bankcenter 181) reads out a key, which has been supplied from theacquirer/brand holder 1 and saved at the RAM 127 or an HDD 129, andperforms authentication processing on the basis of the request forauthentication processing and the authentication information receivedthrough the intermediary of the network interface 125, the input/outputinterface 122, and the internal bus 123.

[0176] In step S7, the CPU 121 of the bank center 181 determines whetherthe authentication of the IC card 12 detected in step SI has been foundvalid in the authentication processing implemented in step S6. If theCPU 121 determines in step S7 that the IC card 12 has been foundinvalid, then the CPU 121 proceeds to step S16.

[0177] If it is determined in step S7 that the authentication of the ICcard 12 has been found valid, then the CPU 121 of the bank center 181verifies, in step S8, whether the loading of value according to a methodspecified by the user 3 (e.g., loading of electronic money worth 5000yen by a predetermined credit card), that is, whether the processing forthe addition to the balance of the electronic money recorded in the ICcard 12, is acceptable or not on the basis of the received command. If,for example, the loading of value is performed by cash, then the CPU 121of the bank center 181 checks with the loading terminal unit 13 whetherthe correct amount of cash has been loaded. If the loading of value isimplemented by a credit card or the withdrawal from a bank account, thenthe CPU 121 inquires of the issuer 2 about the balance of the availableamount of the credit card corresponding to the electronic money to beloaded, or whether there is a sufficient balance at a bank account. Theissuer 2 inquires, for example, of a predetermined financial institute5, such as a credit card company or a bank, about whether the associateduser 3 is entitled to use the credit card for the amount correspondingto the value loading or withdrawal from his or her bank account.

[0178] In step S9, the CPU 121 of the bank center 181 determines whetherthe value loading is acceptable or not on the basis of the responsesignal to the inquiry that is received from the loading terminal unit 13or the issuer 2 through the intermediary of the network interface 125,the input/output interface 122, and the internal bus 123. If it isdetermined in step S9 that the value loading is not acceptable, then theCPU 121 proceeds to step S16.

[0179] If it is determined in step S9 that the value loading isacceptable, then the control unit 101 of the controller 32 of theloading terminal unit 13 that has received the signal indicating thatthe value loading is acceptable transmits, in step SI 0, a signalindicating that the value loading is acceptable to the reader/writer 31through the internal bus 102 and the network interface 103. The DPU 51of the reader/writer 31 outputs a command for causing the value loadingto be carried out (rewriting the value of electronic money recorded inthe appropriate file of the IC card 12) to the SPU 52 through the bus 55on the basis of the signal received through the intermediary of the SCC53 and the bus 55. The SPU 52 performs predetermined processing, such asthe BPSK modulation, for example, on the received command, then outputsthe processed command to the modulating circuit 43. The modulatingcircuit 43 carries out the ASK modulation on a carrier wave of apredetermined frequency supplied from the oscillator 45 on the basis ofthe data supplied from the SPU 52, and outputs the generated modulatedwave to the IC card 12 in the form of an electromagnetic wave throughthe antenna 46.

[0180] In step S11, the antenna 73 of the IC card 12 receives themodulated wave from the antenna 46 of the reader/writer 31. The receivedmodulated wave is detected by the interface 81 and subjected to the ASKdemodulation and the BPSK demodulation in the BPSK demodulator 82, thendecoded in the encoder/decoder 96 of the operation part 84. Thus, thedata recorded in the EEPROM 86 is rewritten by the sequencer 95 to carryout the value loading, and the result is saved.

[0181] In step S12, the control unit 101 of the controller 32 of theloading terminal unit 13 notifies the bank center 181 of the processingresult through the intermediary of the internal bus 102 and the networkinterface 107.

[0182] In step S13, the CPU 121 of the bank center 181 receives thevalue loading result from the loading terminal unit 13 through theintermediary of the network interface 125, the input/output interface122, and the internal bus 123, then notifies the issuer 2 of theprocessing result through the intermediary of the internal bus 123, theinput/output interface 122, and the network interface 125. The issuer 2records the received processing result in the loading DB 168 by means ofthe processing of the accounting server 167, and notifies theacquirer/brand holder 1 of the processing result, as necessary. Thenotification of value loading results may be performed sequentially eachtime the processing is carried out, or at a predetermined interval of,for example, one week or one month.

[0183] In step S14, the control unit 101 of the controller 32 of theloading terminal unit 13 generates a control signal for recording thelog of value loading result in the IC card 12, and transmits thegenerated control signal to the reader/writer 31 through theintermediary of the internal bus 102 and the network interface 107. TheDPU 51 of the reader/writer 31 outputs a command to be transmitted tothe IC card 12 to the SPU 52 through the bus 55 on the basis of thesignal received through the intermediary of the SCC 53 and the bus 55.The command that has been subjected to predetermined processing in theSPU 52 and the modulating circuit 43 is output as an electromagneticwave to the IC card 12 through the antenna 46.

[0184] In step S15, the antenna 73 of the IC card 12 receives themodulated wave from the reader/writer 31. The modulated wave undergoespredetermined processing in the interface 81, the BPSK demodulator 82,and the operation part 84. The log is written to the EEPROM 86 therebyto save it.

[0185] If it is determined in step S7 that the authentication of the ICcard 12 is invalid, or if it is determined in step S9 that the valueloading is not acceptable, then the CPU 121 of the bank center 181outputs an error message to the loading terminal unit 13 through theintermediary of the internal bus 123, the input/output interface 122,and the network interface 125 in step S161.

[0186] In step S17, the control unit 101 of the controller 32 of theloading terminal unit 13 outputs the received error message to thedisplay unit 105 through the internal bus 102 to cause the display unit105 to display the error message.

[0187] Referring now to FIG. 14, the descriptions will be given of thedispositions of the keys and the authentication processing that enablethe user 3 to implement the loading of electronic money into the IC card12 over the Internet 11, without the need for visiting an actual storeor the like.

[0188] It is assumed that the acquirer/brand holder 1 owns a key D and akey E to, for example, authenticate the execution of writing data to theIC card 12, i.e., the loading of electronic money. It is further assumedthat, for example, the key D permits the loading of electronic money bythe cashing service of a credit company D, and the key E permits theloading of electronic money by withdrawal from an account of a bank E.

[0189] It is also assumed that the key D is necessary for the user 3,who has the IC card 12 issued by the issuer 2-2, to be able to performthe loading of electronic money over the Internet 11 by using thecashing service of the credit company D by operating one of personalcomputers 14-1 to 14-n. In such a case, the acquirer/brand holder 1issues and distributes the key D to the issuer 2-2. The issuer 2-2 isconnected to the Internet 11 to perform authentication processing on thebasis of the authentication information of the IC card 12 owned by theuser 3 that is received through the intermediary of the reader/writer15, the personal computer 14, and the Internet 11, and the key Dsupplied from the acquirer/brand holder 1. If the authenticationprocessing result indicates that the authentication is valid, then theloading of electronic money is executed.

[0190] Similarly, it is assumed that the key E is necessary for the user3, who has the IC card 12 issued by the issuer 2-1, to be able toperform the loading of electronic money over the Internet 11 bywithdrawal from an account of the bank E by operating one of thepersonal computers 14-1 to 14-n. In such a case, the acquirer/brandholder 1 issues and distributes the key E to the issuer 2-1. The issuer2-1, however, is not connected to the Internet 11, so that it asks theacquirer/brand holder 1 to perform proxy loading. The acquirer/brandholder 1 records the key E, which has been issued to the issuer 2-1, inthe key management DB 146 as the key for the proxy loading.

[0191] The acquirer/brand holder 1 performs authentication processing onthe basis of the authentication information of the IC card 12 owned bythe user 3 that is received through the intermediary of thereader/writer 15, the personal computer 14, and the Internet 11, and theinformation regarding the key E recorded in the key management DB 146.If the authentication processing result indicates that theauthentication is valid, then the loading of electronic money isexecuted by the processing carried out by the accounting server 147, andthe result is recorded in the proxy loading DB 148.

[0192] In this case also, the settlement method for commission chargesor the like involved in such electronic money loading is similar to aconventional settlement processing. For instance, the settlement methodmay be individually established on the basis of the partnershipagreement between the acquirer/brand holder 1 and the issuer 2-1, andbetween the acquirer/brand holder 1 and the issuer 2-2. Alternatively, asupervisor of the service, namely, the supervisor of the acquirer/brandholder 1, may manage the settlement by the processing implemented by theaccounting server 147 of the acquirer/brand holder 1.

[0193] Referring now to the flowchart shown in FIG. 15, the descriptionswill be given of the loading of electronic money into the IC card 12performed by the issuer 2-2 over the Internet

[0194] In step S21, in response to a signal indicating the operation ofthe user 3 that is received from the input unit 124 through theintermediary of the input/output interface 122 and the internal bus 123,the CPU 121 of the personal computer 14 loads the web browser softwarestored in the HDD 129 into the RAM 127 and activates it thereby to startup the web browser. In step S22, the CPU 121 connects to the issuer 2-2over the Internet 11.

[0195] In step S23, the web server 171 of the issuer 2-2 outputs dataassociated with a loading request screen to the personal computer 14over the Internet 11.

[0196] In step S24, the CPU 121 of the personal computer 14 outputs thedata associated with the loading request screen, which has been receivedthrough the intermediary of the network interface 125, the input/outputinterface 122, and the internal bus 123, to a display unit 182 throughthe intermediary of the internal bus 123 and the input/output interface122, and cause the display unit 182 to display the loading requestscreen. The loading request screen primarily shows a message promptingthe user to set the IC card 12 at a predetermined reading position toallow the reader/writer 15 and the IC card 12 to communicate with eachother, and a menu prompting an input operation. In this case, it isassumed that the loading of value into the IC card 12 has been selectedand instructed by the user 3 by using the input unit 124.

[0197] In step S25, the antenna 46 of the reader/writer 15 monitors theload thereof by radiating a predetermined electromagnetic wave to detectthe IC card 12. The DPU 51 generates a signal indicating that the ICcard 12 has been detected, and outputs the signal to the personalcomputer 14 through the bus 55 and the SCC 53.

[0198] In step S26, the SCC 53 of the reader/writer 15 receives thecommand entered by the user 3 through the personal computer 14, thenoutputs the command to the SPU 52 through the bus 55. The command issubjected to predetermined processing in the SPU 52 and the modulatingcircuit 43, and transmitted to the IC card 12 through the antenna 46.

[0199] In step S27, the same processing as that in step S4 shown in FIG.13 is carried out.

[0200] In step S28, the antenna 46 of the reader/writer 15 receives theauthentication information transmitted from the IC card 12 and outputsthe authentication information to the demodulating circuit 44. The datathat has been demodulated by the demodulating circuit 44 is subjected topredetermined processing, such as the BPSK modulation, in the SPU 52,and supplied to the DPU 51. The DPU 51 generates a signal for requestingauthentication processing, and transmits the generated signal to thepersonal computer 14 together with the received authenticationinformation through the intermediary of the bus 55 and the SCC 53.

[0201] In step S29, the CPU 121 of the personal computer 14 receives theauthentication processing request and the authentication informationthrough the intermediary of the network interface 125, the input/outputinterface 122, and the internal bus 123, and transmits theauthentication processing request and the authentication information tothe issuer 2-2 over the Internet 11 together with the command associatedwith the operation performed by the user 3 (the command instructing theloading of value into the IC card 12 in this case).

[0202] In step S30, the web server 171 of the issuer 2-2 receives theauthentication processing request and the authentication information,and outputs the request and the information to the security server 161.The security server 161 carries out authentication processing on thebasis of the received authentication processing request and theauthentication information by referring to the key that has beensupplied from the acquirer/brand holder 1 and stored in the keymanagement DB 162.

[0203] In step S31, the security server 161 determines whether theauthentication of the IC card 12, which was detected in step S25, hasbeen proven valid in the authentication processing implemented in stepS30. If it is determined in step S31 that the authentication of the ICcard 12 is invalid, then the processing proceeds to step S41.

[0204] If it is determined in step S31 that the authentication of the ICcard 12 is valid, then the accounting server 167 inquires, in step S32,a predetermined financial institute 5 (a credit company, a bank, etc.)about whether the loading of value according to the method specified bythe user 3 (e.g., the loading of electronic money worth 5000 yen by apredetermined credit card) is acceptable (e.g., whether there is abalance of amount that allows the use of a credit for the loading ofelectronic money) on the basis of the received command for the purposeof verification.

[0205] In step S32, the accounting server 167 determines whether theloading of value is acceptable on the basis of a response signal to theinquiry sent from the financial institute 5. If it is determined in stepS32 that the loading of value is not acceptable, then the processingproceeds to step S41.

[0206] If it is determined in step S33 that the loading of value isacceptable, the DPU 51 of the reader/writer 15 that has received asignal indicating that the loading of value is acceptable from theissuer 2-2 through the intermediary of the Internet 11 and the personalcomputer 14 generates, in step S34, a command for executing the loadingof electronic money that is to be transmitted to the IC card 12 on thebasis of the received signal, and outputs the command to the SPU 52through the bus 55. Then, the SPU 52 and the modulating circuit 43 carryout predetermined processing to generate a modulated wave correspondingto the command, and the modulated wave is output as an electromagneticwave to the IC card 12 through the antenna 46.

[0207] In step S35, the antenna 73 of the IC card 12 receives themodulated wave from the antenna 46 of the reader/writer 15. Themodulated wave is then subjected to predetermined processing in theinterface 81, the BPSK demodulator 82, and the operation part 84. Basedon the command, the data recorded in the EEPROM 86 is rewritten, thatis, the value loading is implemented, and the result is saved.

[0208] In step S36, the DPU 51 of the reader/writer 15 notifies theissuer 2-2 of the processing result through the intermediary of the bus55, the SCC 53, the personal computer 14, and the Internet 11.

[0209] In step S37, the web server 171 of the issuer 2-2 receives thevalue loading result from the reader/writer 15, and supplies the resultto the accounting server 167. The accounting server 167 records thereceived result of the value loading in the loading DB 168.

[0210] In step S38, the acquirer/brand holder G/W server 165 notifiesthe acquirer/brand holder 1 of the result of the value loading. Thenotification of value loading results may be performed sequentially eachtime the loading is implemented, or at a predetermined interval of, forexample, one week or one month.

[0211] In step S39, the DPU 51 of the reader/writer 15 generates acommand for recording the log of a value loading result in the IC card12 on the basis of the signal received through the intermediary of theSCC 53 and the bus 55, and outputs the generated command to the SPU 52through the bus 55. The command that has been subjected to predeterminedprocessing in the SPU 52 and the modulating circuit 43 is output in theform of an electromagnetic wave to the IC card 12 through the antenna46.

[0212] In step S40, the same processing as that of step S15 shown inFIG. 13 is performed.

[0213] If it is determined that the authentication of the IC card 12 isinvalid in step S31, or if the value loading is not acceptable in stepS33, then the web server 171 of the issuer 2-2 outputs an error messageto the personal computer 14 over the Internet 11 in step S41.

[0214] In step S42, the CPU 121 of the personal computer 14 receives theerror message through the intermediary of the network interface 125, theinput/output interface 122, and the internal bus 123, and outputs thereceived error message to the display unit 128 through the intermediaryof the internal bus 123 and the input/output interface 122 so as tocause the display unit 128 to display the error message.

[0215] Referring now to the flowchart shown in FIG. 16, the descriptionswill be given of the loading of electronic money into the IC card 12 bythe proxy loading performed by the acquirer/brand holder 1.

[0216] In step S51, the same processing as that of step S21 shown inFIG. 15 is carried out.

[0217] In step S52, the CPU 121 of the personal computer 14 connects tothe acquirer/brand holder 1 over the Internet 11.

[0218] In step S53, the web server 150 of the acquirer/brand holder 1outputs data associated with a loading request screen to the personalcomputer 14 over the Internet 11.

[0219] In step S54 through step S58, the same processing as that of stepS24 through S28 shown in FIG. 15 is implemented.

[0220] In step S59, the CPU 121 of the personal computer 14 receives anauthentication processing request and the authentication informationthrough the intermediary of the network interface 125, the input/outputinterface 122, and the internal bus 123, and transmits theauthentication processing request and the authentication information tothe acquirer/brand holder 1 over the Internet 11 together with a commandassociated with an operation performed by the user 3 (the commandinstructing the loading of value into the IC card 12 in this case).

[0221] In step S60, the web server 150 of the acquirer/brand holder 1receives the authentication processing request and the authenticationinformation, and outputs the request and the information to the securityserver 145. The security server 145 carries out authenticationprocessing on the basis of the received authentication processingrequest and the authentication information by reading out the key thathas been stored in the key management DB 146.

[0222] In step S61, the security server 145 determines whether theauthentication of the IC card 12, which was detected in step S55, hasbeen proven valid in the authentication processing carried out in stepS60. If it is determined in step S61 that the authentication of the ICcard 12 is invalid, then the processing proceeds to step S71.

[0223] If it is determined in step S61 that the authentication of the ICcard 12 is valid, then the accounting server 145 inquires, in step S62,an associated issuer 2-1 about whether the loading of value according tothe method specified by the user 3 (e.g., the loading of electronicmoney worth 5000 yen by a predetermined credit card) is acceptable(e.g., whether there is a balance of amount that allows the use of acredit for the loading of electronic money) on the basis of the receivedcommand for the purpose of verification.

[0224] In step S63, the accounting server 147 determines whether theloading of value is acceptable on the basis of a response signal to theinquiry sent from the issuer 2-1. If it is determined in step S63 thatthe loading of value is not acceptable, then the processing proceeds tostep S71.

[0225] If it is determined in step S63 that the loading of value isacceptable, then the DPU 51 of the reader/writer 15 that has received asignal indicating that the loading of value is acceptable from theacquirer/brand holder 1 through the intermediary of the SCC 53 and thebus 55 carries out the same processing as that of step S34 shown in FIG.15.

[0226] In step S65, the same processing as that of step S35 shown inFIG. 15 is carried out.

[0227] In step S66, the DPU 51 of the reader/writer 15 notifies theacquirer/brand holder 1 of the processing result through theintermediary of the bus 55, the SCC 53, the personal computer 14, andthe Internet 11.

[0228] In step S67, the web server 150 of the acquirer/brand holder 1receives the value loading result from the reader/writer 15, andsupplies the result to the accounting server 147. The accounting server147 records the received result of the value loading in the proxyloading DB 148.

[0229] In step S68, the issuer G/W server 151 notifies the issuer 2-1 ofthe result of the value loading. The notification of value loadingresults may be performed sequentially each time the loading isimplemented, or at a predetermined interval of, for example, one week orone month.

[0230] In step S69 and step S70, the same processing as that in step S39and step S40 shown in FIG. 15 is performed.

[0231] If it is determined that the authentication of the IC card 12 isinvalid in step S61, or if the value loading is not acceptable in stepS63, then the web server 150 of the acquirer/brand holder 1 outputs anerror message to the personal computer 14 over the Internet 11 in stepS71.

[0232] In step S72, the same processing as that of step S42 shown inFIG. 15 is carried out.

[0233] Referring now to FIG. 17 through FIG. 21, detailed descriptionswill be given of the processing for the user 3 to purchase goods byusing electronic money loaded in the IC card 12 or to use a variety ofservices, and the dispositions of keys for carrying out the processing.

[0234] First, referring to FIG. 17, the descriptions will be given ofthe dispositions of the keys that allow the user 3 to visit an actualstore or the like to purchase goods or services by using the electronicmoney loaded into the IC card 12 by employing the affiliate merchantterminal unit 18.

[0235] As described above in conjunction with FIG. 2, when the merchant4 that does not have an organization for general managementindependently participates in the service, the acquirer/brand holder 1issues and distributes appropriate keys on the basis of a participationagreement to the affiliate merchant terminal unit 18 installed at eachmerchant 4. In other words, the affiliate merchant terminal units 18-1-1 through 18-1-n shown in FIG. 17 store keys for services, which can beprovided at the individual merchants 4, in readers/writers 31-3-1through 31-3-n; therefore, authentication processing can be performedbetween the affiliate merchant terminal units 18 and the IC cards 12.

[0236] The merchant 4 selects a service in line with the businessthereof, concludes a tie-up for the service, and receives an associatedkey supplied from the acquirer/brand holder 1, thereby enabling themerchant 4 to provide the selected service to the user 3. Morespecifically, the user 3 having the IC card 12 in which a key F or a keyJ has been stored can use a service that can be supplied by the key F orthe key J at a merchant equipped with the affiliate merchant terminalunit 18-1-1. The user 3 having the IC card 12 in which a key G has beenstored can use a service that can be supplied by the key G at a merchantequipped with an affiliate merchant terminal unit 18-1-2. The user 3having the IC card 12 in which the key G, a key H, or the key J has beenstored can use a service that can be supplied by the key G, the key H,or the key J at a merchant equipped with the affiliate merchant terminalunit 18-1-n.

[0237] For instance, if a corporation having a plurality of merchants 4,such as chain store merchants, provides the service, then theacquirer/brand holder 1 issues and distributes keys to the POS center 17that has control over the plurality of the merchants 4. Affiliatemerchant terminal units 18-2-1 through 18-2-m basically connect to thePOS center 17 to carry out the authentication processing with the ICcard 12 without receiving keys. Alternatively, if the affiliate merchantterminal units 18-2-1 through 18-2-m employ an advanced tamperprooftechnology, then the keys may be stored in the affiliate merchantterminal units 18-2-1 through 18-2-m, respectively, so as to implementthe authentication processing between each of the affiliate merchantterminal units 18-2-1 through 18-2-m and the IC card 12.

[0238] In other words, the user 3 having the IC card 12 in which the keyF or the key H has been stored can use a service that can be supplied bythe key F or the key H saved at the POS center 17 at the affiliatemerchant terminal units 18-2-1 through 18-2-m, whereas the key F and thekey H are not saved at reader/writers 31-4-1 through 31-4-m.

[0239] In the following descriptions, unless it is necessary toindividually distinguish among the affiliate merchant terminal units18-1-1 through 18-1-n, the affiliate merchant terminal units will begenerically referred to simply as the affiliate merchant terminal unit18-1. Similarly, unless it is necessary to individually distinguishamong the affiliate merchant terminal units 182-1 through 18-2-m, theaffiliate merchant terminal units will be generically referred to simplyas the affiliate merchant terminal unit 18-2.

[0240] Referring to the flowchart shown in FIG. 18, the descriptionswill be given of the processing performed when the user 3 having the ICcard 12 purchases goods or a service by using the affiliate merchantterminal unit 18-1.

[0241] In step S81, the antenna 46 of the reader/writer 31 of theaffiliate merchant terminal unit 18-1 monitors the load thereof byradiating a predetermined electromagnetic wave so as to detect the ICcard 12. The DPU 51 generates a signal indicating that the IC card 12has been detected, and outputs the signal to the controller 32 throughthe intermediary of the bus 55 and the SCC 53.

[0242] In step S82, the control unit 101 of the controller 32 receivesthe signal transmitted from the reader/writer 31 through theintermediary of the network interface 107 and the internal bus 102. Thecontrol unit 101 then outputs, through the internal bus 102, the dataassociated with a menu screen that includes a message or the like forprompting the user 3 to perform the next operation to the display unit105 so as to cause the display unit 105 to display the menu screen.

[0243] In step S83, the control unit 101 of the controller 32 receives acommand (e.g., a command indicating the use of electronic money worth2000 yen) from the input unit 103 through the internal bus 102, andoutputs the command to the reader/writer 31 through the intermediary ofthe internal bus 102 and the network interface 107. The reader/writer 31implements predetermined processing to transmit the received command tothe IC card 12.

[0244] In step S84, the same processing as that of step S4 shown in FIG.13 is performed.

[0245] In step S85, the antenna 46 of the reader/writer 31 receives theauthentication information transmitted from the IC card 12, and outputsthe authentication information to the demodulating circuit 44. The datathat has been demodulated in the demodulating circuit 44 is subjected topredetermined processing, such as the BPSK modulation, in the SPU 52,and supplied to the DPU 51. Through the bus 55, the DPU 51 reads out akey from the flash memory 42 on the basis of the received authenticationinformation, and carries out the authentication processing.

[0246] In step S86, the DPU 51 of the reader/writer 31 determineswhether the authentication of the IC card 12, which has been detected instep S81, is valid. In step S86, if the DPU 51 determines that theauthentication of the IC card 12 is invalid, then the processingproceeds to step S94.

[0247] If it is determined in step S86 that the authentication of the ICcard 12 is valid, then the DPU 51 of the reader/writer 31 verifieswhether the processing for the use of the IC card specified by the user3 is acceptable on the basis of a received command primarily by readingout necessary information from the IC card 12. For example, if a commandinstructing the purchase of a commercial product worth 2,000 yen isreceived, the DPU 51 of the reader/writer 31 generates a command forchecking if the IC card 12 has electronic money sufficient for coveringthe payment of the commercial product, implements predeterminedprocessing, and transmits the generated command to the IC card 12.

[0248] In step S88, the DPU 51 of the reader/writer 31 determineswhether the processing of the command is acceptable mainly on the basisof a response signal to an inquiry that is received from the IC card 12through the antenna 46. If it is determined, in step S88, that theprocessing of the command is not acceptable, then the processingproceeds to step S94.

[0249] In step S88, if it is determined that the processing of thecommand is acceptable, then the DPU 51 of the reader/writer 31generates, in step S89, a command for causing the IC card 12 toimplement value loading (a predetermined value is subtracted from thevalue of the electronic money recorded in a file for the IC card 12),and outputs the generated command to the SPU 52 through the bus 55.Then, predetermined processing is carried out in the SPU 52 and themodulating circuit 43 to generate a modulated wave for the command, andthe modulated wave is output to the IC card 12 as an electromagneticwave through the antenna 46.

[0250] In step S90, the antenna 73 of the IC card 12 receives themodulated wave from the antenna 46 of the reader/writer 31. The receivedmodulated wave is subjected to predetermined processing in the interface81, the BPSK demodulator 82, and the operation part 84 to implementcommand processing for the subtraction of electronic money recorded inthe EEPROM 86, and the result is saved.

[0251] In step S91, the control unit 101 of the controller 32 notifiesthe acquirer/brand holder 1 of the processing result through theintermediary of the internal bus 102 and the network interface 107. Thenotification of command processing results may be performed sequentiallyeach time the processing is implemented, or at a predetermined intervalof, for example, one week or one month.

[0252] In step S92, the control unit 101 of the controller 32 generatesa control signal for recording the log of a command processing result inthe IC card 12, and transmits the generated control signal to thereader/writer 31 through the intermediary of the internal bus 102 andthe network interface 107. The DPU 51 of the reader/writer 31 outputs acommand to be transmitted to the IC card 12 to the SPU 52 through thebus 55 on the basis of the signal received through the intermediary ofthe SCC 53 and the bus 55. The command is subjected to predeterminedprocessing in the SPU 52 and the modulating circuit 43 to generate amodulated wave for the command, and the modulated wave is output as anelectromagnetic wave to the IC card 12 through the antenna 46.

[0253] In step S93, the antenna 73 of the IC card 12 receives themodulated wave from the reader/writer 31. The modulated wave undergoespredetermined processing in the interface 81, the BPSK demodulator 82,and the operation part 84, and the log of the command processing iswritten to the EEPROM 86 thereby to save it.

[0254] If it is determined in step S86 that the authentication of the ICcard 12 is invalid, or if it is determined in step S88 that the commandprocessing is not acceptable, then the control unit 101 of thecontroller 32 outputs an error message to the display unit 105 throughthe internal bus 102 to cause the display unit 105 to indicate the errormessage in step S94.

[0255] Referring now to the flowchart shown in FIG. 19, the descriptionswill be given of the processing implemented when the user 3 having theIC card 12 purchases a commercial product or a service by using theaffiliate merchant terminal unit 18-2.

[0256] In step S101 through S104, the same processing as that in stepS81 through S84 shown in FIG. 18 is carried out.

[0257] In step S105, the antenna 46 of the reader/writer 31 receives theauthentication information transmitted from the IC card 12, and outputsthe authentication information to the demodulating circuit 44. Theauthentication information that has been demodulated in the demodulatingcircuit 44 is subjected to predetermined processing, such as the BPSKmodulation, in the SPU 52, then supplied to the DPU 51. The DPU 51generates a signal requesting for authentication processing, and outputsthe generated signal together with the received authenticationinformation to the controller 32 through the intermediary of the bus 55and the SCC 53. The control unit 101 of the controller 32 receives thesignal requesting for authentication processing and the authenticationinformation through the intermediary of the network interface 107 andthe internal bus 102, then transmits them to the associated POS center17 together with the command indicating the instruction of the user 3through the intermediary of the internal bus 102 and the networkinterface 107.

[0258] In step S106, the CPU 121 of the POS center 17 reads out a key,which has been supplied from the acquirer/brand holder 1 and saved atthe RAM 127 or the HDD 129, and performs authentication processing onthe basis of the request for authentication processing and theauthentication information received through the intermediary of thenetwork interface 125, the input/output interface 122, and the internalbus 123.

[0259] In step S107, the CPU 121 of the POS center 17 determines whetherauthentication of the IC card 12 detected in step S101 has been foundvalid in the authentication processing implemented in step S106. If theCPU 121 determines in step S107 that the authentication of the IC card12 has been found invalid, then the processing proceeds to step S117.

[0260] If it is determined in step S107 that the authentication of theIC card 12 has been found valid, then the CPU 121 of the POS center 17notifies the affiliate merchant terminal unit 18-2 of the authenticationhaving been found valid through the intermediary of the internal bus123, the input/output interface 122, and the network interface 125 instep S108.

[0261] In step S109 through step S112, the same processing as that instep S87 through step S90 shown in FIG. 18 is carried out.

[0262] In step S13, the control unit 101 of the controller 32 notifiesthe POS center 17 of the processing result through the intermediary ofthe network interface 107 and the internal bus 102.

[0263] In step S114, the CPU 121 of the POS center 17 notifies theacquirer/brand holder 1 of the command processing result through theintermediary of the internal bus 123, the input/output interface 122,and the network interface 125. The notification of command processingresults may be performed sequentially each time the processing isimplemented, or at a predetermined interval of, for example, one week orone month.

[0264] In step S115 and step S116, the same processing as that of stepS92 and step S93 shown in FIG. 18 is carried out.

[0265] If it is determined in step S107 that the authentication isinvalid, or if it is determined in step S110 that the command processingis not acceptable, then the CPU 121 of the POS center 17 outputs anerror message to the affiliate merchant terminal unit 18-2 through theintermediary of the internal bus 123, the input/output interface 122,and the network interface 125 in step S117.

[0266] In step S108, the same processing as that of step S94 shown inFIG. 18 is carried out.

[0267] In conjunction with FIG. 17 and FIG. 19, the descriptions havebeen made of the processing implemented when the user 3 having the ICcard 12 uses the affiliate merchant terminal unit 18-2. Basically thesame processing as that implemented at the affiliate merchant terminalunit 18-2 under the control of the POS center 17 is carried out when theMMK 20 under the control of the MMK center 19 is used.

[0268] Referring now to FIG. 20, the detailed descriptions will be givenof the processing carried out for the user 3 to purchase goods or usevarious types of services at the cybershop 16 opened on the Internet 11,without visiting an actual store, by using the electronic money loadedinto the IC card 12, and the dispositions of the keys for carrying outthe processing.

[0269] A plurality of cybershops 16-1 through 16-m connected to theInternet 11 are arranged so as to be able to provide various types ofservices to the user 3 having the IC card 12 which uses the personalcomputer 14-1 through 14-n that can be connected to the Internet 11 andthe readers/writers 15-1 through 15-n connected to the personalcomputers 14-1 through 14-n according to a tie-up agreement with theacquirer/brand holder 1.

[0270] The cybershops 16-1 through 16-m is equipped with, for example,web servers 193-1 through 193-m that output a purchase request screen orthe like over the Internet 11 to the personal computer 14 owned by theuser 3 and receive, from the personal computer 14, authenticationinformation of the IC card 12 or the information regarding a commercialproduct that the user 3 wishes to purchase, and sales management servers191-1 through 191-m that manage inventory/sales management DBs 192-1through 192-m for recording the inventories and sales of goods and carryout the processing for providing services.

[0271] In the following descriptions, unless it is necessary toindividually distinguish among the sales management servers 191-1through 191-m, the sales management servers will be generically referredto simply as the sales management server 191. Unless it is necessary toindividually distinguish among the inventory/sales management DBs 192-1through 192-m, the inventory/sales management DBs will be genericallyreferred to simply as the inventory/sales management DB 192. Unless itis necessary to individually distinguish among the web servers 193-1through 193-m, the web servers will be generically referred to simply asthe web servers 193. The configurations of the sales management server191 and the web server 193 are basically the same as those of thepersonal computer 14 that have been described in conjunction with FIG.8; therefore, the explanation thereof will be omitted.

[0272] Even when a key K, a key L, or a key M is issued according to atie-up agreement with each of the cybershop 16-1 through 16-m, theacquirer/brand holder 1 does not distribute the issued keys to thecybershops 16-1 through 16-m. The security server 145 of theacquirer/brand holder 1 registers in the key management DB 146 theindividual keys issued to the cybershops 16-1 through 16-m,respectively. Hence, when an authentication processing request isreceived from any one of the cybershops 16-1 through 16-m, the securityserver 145 refers to the key management DB 146 to execute theauthentication processing, and outputs the authentication processingresult to the associated one of the cybershops 16-1 through 16-m overthe Internet 11.

[0273] In other words, the cybershops 16-1 through 16-m do not recordany keys. When the cybershops 16-1 through 16-m receive theauthentication information regarding the IC card 12, which has been readin by the reader/writer 15, from the personal computer 14 over theInternet 11, the cybershops output the authentication information to theacquirer/brand holder 1 over the Internet 11 to request forauthentication processing, and receive the result of the authenticationprocessing from the acquirer/brand holder 1 over the Internet 11.

[0274] Referring to the flowchart shown in FIG. 21, the descriptionswill be given of the processing performed when the user 3 having the ICcard 12 uses the personal computer 14 to access the cybershop 16 overthe Internet 11 thereby to purchase goods or services.

[0275] In step S121, the same processing as that of step S21 shown inFIG. 15 is carried out.

[0276] In step S122, the CPU 121 of the personal computer 14 accessesthe cybershop 16 through the intermediary of the internal bus 123, theinput/output interface 122, the network interface 125, and the Internet11.

[0277] In step S123, the web server 193 of the cybershop 16 outputs dataassociated with a purchase request screen to the personal computer 14over the Internet 11.

[0278] In step S124, the CPU 121 of the personal computer 14 outputs thedata associated with the purchase request screen, which has beenreceived through the intermediary of the network interface 125, theinput/output interface 122, and the internal bus 123, to the displayunit 128 through the intermediary of the internal bus 123 and theinput/output interface 122 to cause the display unit 128 to display aninput request screen. The input request screen primarily shows a messageprompting the user to set the IC card 12 at a predetermined readingposition to allow the reader/writer 15 and the IC card 12 to communicatewith each other, and a menu prompting an input operation. In this case,it is assumed that the purchase processing for a commercial product byusing the IC card 12 has been selected and instructed by the user 3 byusing the input unit 124.

[0279] In step S125 through step S128, the same processing as that ofstep S25 through step S28 shown in FIG. 15 is carried out.

[0280] In step S129, the CPU 121 of the personal computer 14 receivesthe authentication information through the intermediary of the networkinterface 125, the input/output interface 122, and the internal bus 123,and transmits the authentication information together with the commandcorresponding to the operation performed by the user 3 (the command forcarrying out the processing for purchasing a commercial product by usingthe IC card 12 in this case) to the cybershop 16.

[0281] In step S130, the web server 193 of the cybershop 16 receives theauthentication information, generates a signal for requestingauthentication processing to the acquirer/brand holder 1, and outputsthe generated signal together with the received authenticationinformation to the acquirer/brand holder 1. The web server 150 of theacquirer/brand holder 1 outputs the received information to the securityserver 145. The security server 145 carries out authenticationprocessing on the basis of the received authentication processingrequest and the authentication information by referring to the key thathas been issued to the associated cybershop 16 and stored in the keymanagement DB 146, and outputs the authentication processing result tothe cybershop 16 over the Internet 11.

[0282] In step S131, the sales management server 191 of the cybershop 16receives the authentication result from the acquirer/brand holder 1 overthe Internet 11 and the web server 193, then determines in step S132whether the authentication of the IC card 12, which was detected in stepS125, has been proven valid. If it is determined in step S132 that theauthentication of the IC card 12 is invalid, then the processingproceeds to step S144.

[0283] I step S133, the sales management server 191 of the cybershop 16notifies the personal computer 14 of the authentication having beenfound valid through the intermediary of the web server 193 and theInternet 11.

[0284] In step S134, the CPU 121 of the personal computer 14 outputs thereceived authentication result to the reader/writer 15 through theintermediary of internal bus 123, the input/output interface 122, andthe network interface 125.

[0285] In step S135, on the basis of the received authentication result,the DPU 51 of the reader/writer checks whether the processing for theuse of the IC card specified by the user 3 (e.g., the purchase of acommercial product worth 2,000 yen) is acceptable (e.g., whether thereis a balance of electronic money for the payment of the commercialproduct) primarily by reading necessary information from the IC card 12,transmitting a sales approval request to the acquirer/brand holder 1through the intermediary of the personal computer 14 and the Internet11, and receiving a response to the sales approval request.

[0286] In step S136, the DPU 51 of the reader/writer 15 outputs aresponse signal, which is received through the antenna 46 in response toan inquiry from the IC card 12, to the personal computer 14 through theintermediary of the bus 55 and the SCC 53. The CPU of the personalcomputer 14 determines whether the processing of the command isacceptable on the basis of the response received from the reader/writer15 and the response to the sales approval request received from theacquirer/brand holder 1 over the Internet 11. If it is determined instep S136 that the processing for the command is not acceptable, thenthe processing proceeds to step S144.

[0287] If it is determined in step S136 that the processing for thecommand is acceptable, then the DPU 51 of the reader/writer 15generates, in step S137, a command for causing the IC card 12 to carryout value loading (a predetermined value is subtracted from the value ofthe electronic money recorded in a file for the IC card 12), and outputsthe generated command to the SPU 52 through the bus 55. Then,predetermined processing is carried out in the SPU 52 and the modulatingcircuit 43 to generate a modulated wave for the command, and themodulated wave is output to the IC card 12 as an electromagnetic wavethrough the antenna 46.

[0288] In step S138, the same processing as that of step S90 shown inFIG. 18 is carried out.

[0289] In step S139, the DPU 51 of the reader/writer notifies thecybershop 16 of the command processing result through the intermediaryof the bus 55, the SCC 53, the personal computer 14, and the Internet11.

[0290] In step S140, the sales management server 191 of the cybershop 16updates the inventory/sales management DB 192 in step S140, and notifiesthe acquirer/brand holder 1 of the processing result through theintermediary of the web server 193 and the Internet 11 in step S141. Thenotification of the command processing results may be performedsequentially each time the processing is implemented, or at apredetermined interval of, for example, one week or one month.

[0291] In step S142 and step S143, the same processing as that of stepS39 and step S40 shown in FIG. 15 is carried out.

[0292] If it is determined that the authentication is invalid in stepS132, or if it is determined in step S136 that the command processing isnot acceptable, then the sales management server 191 of the cybershop 16outputs an error message to the personal computer 14 through theintermediary of the web server 193 and the Internet 11 in step S144.

[0293] In step S145, the same processing as that of step S42 shown inFIG. 15 is carried out.

[0294] In the processing described above, the descriptions have beenmade of the cases where the transfer of information is implemented byusing a contactless IC card. Alternatively, the hardware for recordinginformation regarding electronic money, etc. and for performing avariety of processing may be formed of various other informationprocessing devices, such as, for example, a contact type IC card, aportable telephone, a PDA, a personal computer, or timepiece.

[0295] A series of the processing steps described above mayalternatively be implemented by software. The software is installed froma recording medium into a computer wherein a program constituting thesoftware has been incorporated in the dedicated hardware thereof, or ina general-purpose personal computer, for example, that is capable ofimplementing a variety of functions by installing diverse programs.

[0296] As shown in FIG. 4, FIG. 7, or FIG. 8, the recording medium isconstructed by a magnetic disk 65, 111, or 131 (including a floppydisk), an optical disk 66, 112, or 132 (including CD-ROM and DVD), amagneto-optical disk 67, 113, or 133 (including MD), or a package mediumformed of a semiconductor memory 68, 114, or 134, etc. in which theprogram has been recorded. These recording media are distributedseparately from computers in order to provide the program to users.

[0297] In the present specification, the steps describing the programrecorded in a recording medium of course include the processing in whichthe steps are carried out in time series according to the sequencedescribed, and also include the processing carried out in parallel orseparately rather than being carried out in time series.

[0298] In the present specification, the term “system” refers to anentire apparatus constructed by a plurality of devices.

[0299] Thus, according to the inventive information processing system,information processing method, and program recorded in a recordingmedium, information is exchanged with the third information processingapparatus managed by the second business entity that issues the secondinformation processing apparatus in which electronic money informationand authentication information used for authentication processingrelated to an electronic money service are recorded, information isexchanged with a fourth information processing apparatus managed by thethird business entity that provides a service using electronic money,the authentication information used for the authentication processingrelated to the electronic money service is recorded, the informationregarding the second business entity and the information regarding atie-up agreement between the first business entity and the secondbusiness entity are recorded, the information regarding the thirdbusiness entity and the information regarding a tie-up agreement betweenthe first business entity and the third business entity are recorded,the authentication information is output on the basis of the informationregarding the tie-up agreement between the first business entity and thesecond business entity, and the authentication information is output onthe basis of the information regarding the tie-up agreement between thefirst business entity and the third business entity. Hence, in anelectronic money business, the distribution of cryptographic keys toissuers and affiliate merchants, and the operation and management of asystem can be integrated in an information processing system managed bya business entity managing a single brand, thus enabling the businessentity to reduce necessary cost.

[0300] According to the inventive electronic money service providingsystem, the first information processing apparatus exchanges informationwith the third information processing apparatus managed by the secondbusiness entity, exchanges information with the fourth informationprocessing apparatus managed by the third business entity, records theauthentication information used for the authentication processingrelated to an electronic money service, records the informationregarding the second business entity and the information regarding atie-up agreement between the first business entity and the secondbusiness entity, records the information regarding the third businessentity and the information regarding a tie-up agreement between thefirst business entity and the third business entity, outputs theauthentication information on the basis of the information regarding thetie-up agreement between the first business entity and the secondbusiness entity, and outputs the authentication information on the basisof the information regarding the tie-up agreement between the firstbusiness entity and the third business entity. The second informationprocessing apparatus records the authentication information, and alsorecords electronic money information. The third information processingapparatus exchanges information with the first information processingapparatus, records the received authentication information, records theinformation regarding the issuance of the second information processingapparatus, and carries out the authentication processing with the secondinformation processing apparatus on the basis of the recordedauthentication information. The fourth information processing apparatusexchanges information with the first information processing apparatus,records received authentication information, and carries outauthentication processing with the second information processingapparatus on the basis of the recorded authentication information.Hence, a number of issuers and affiliate merchants can participate in asingle brand, and the cost required for distributing cryptographic keysto the issuers and affiliate merchants and for running and managing asystem can be reduced.

[0301] It should be understood that various changes and modifications tothe presently preferred embodiments described herein will be apparent tothose skilled in the art. Such changes and modifications can be madewithout departing from the spirit and scope of the present invention andwithout diminishing its intended advantages. It is therefore intendedthat such changes and modifications be covered by the appended claims.

The invention is claimed as follows:
 1. An information processing systemcomprising: a first information processing apparatus managed by a firstbusiness entity performing the management of an electronic money brandin an electronic money service and the management of an affiliatebusiness entity in the electronic money service; first informationgiving and receiving means for giving and receiving information with athird information processing apparatus managed by a second businessentity issuing a second information processing apparatus in whichelectronic money information and authentication information employed forauthentication processing for the electronic money service are recorded;second information giving and receiving means for giving and receivinginformation with a fourth information processing apparatus managed by athird business entity providing a service that uses the electronicmoney; first recording means for recording the authenticationinformation used for the authentication processing for the electronicmoney service; second recording means for recording the informationregarding the second business entity and the information regarding atie-up agreement between the first business entity and the secondbusiness entity; and third recording means for recording the informationregarding the third business entity and the information regarding atie-up agreement between the first business entity and the thirdbusiness entity.
 2. An information processing system according to claim1, wherein the first information giving and receiving means outputs theauthentication information recorded by the second recording means on thebasis of the information regarding the tie-up agreement between thefirst business entity and the second business entity that has beenrecorded by the second recording means, and the second informationgiving and receiving means outputs the authentication informationrecorded by the first recording means on the basis of the informationregarding the tie-up agreement between the first business entity and thethird business entity that has been recorded by the third recordingmeans.
 3. An information processing system according to claim 1, furthercomprising first accounting means for carrying out accounting with thesecond business entity, and second accounting means for carrying outaccounting with the third business entity.
 4. An information processingsystem according to claim 1, further comprising authenticating means forcarrying out authentication processing using the authenticationinformation recorded by the first recording means, wherein theauthenticating means carries out authentication processing by using theauthentication information associated with the third business entityrecorded by the first recording means when a signal requesting theimplementation of authentication processing is received from the thirdbusiness entity by the second information giving and receiving means. 5.An information processing system according to claim 1, furthercomprising: third information giving and receiving means for giving andreceiving information, through a network, with a fifth informationprocessing apparatus that rewrites the electronic money informationrecorded in the second information processing apparatus; and generatingmeans for generating a control signal causing the fifth informationprocessing apparatus to carry out the loading of electronic money intothe second information processing apparatus, wherein the generatingmeans generates the control signal for the second information processingapparatus, which has been issued by the second business entity, on thebasis of information regarding the tie-up agreement between the firstbusiness entity and the second business entity that has been recorded bythe second recording means, and the third information giving andreceiving means outputs the control signal generated by the generatingmeans to the fifth information processing apparatus.
 6. An informationprocessing system according to claim 1, wherein the network is theInternet, and the third information giving and receiving means furtherexchanges information with a sixth information processing apparatusmanaged by the third business entity having a virtual store on theInternet.
 7. An information processing method for a first informationprocessing apparatus managed by a first business entity that performsthe management of an electronic service brand and the management of anelectronic money service affiliate business entity, comprising: a firstinformation giving and receiving step for giving and receivinginformation with a second information processing apparatus managed by asecond business entity issuing a portable electronic device in whichelectronic money information and authentication information used forauthentication processing related to the electronic money service arerecorded; a second information giving and receiving step for giving andreceiving information with a third information processing apparatusmanaged by a third business entity providing a service that uses theelectronic money; a first recording step for recording theauthentication information used for authentication processing related tothe electronic money service; a second recording step for recordinginformation regarding the second business entity and informationregarding a tie-up agreement between the first business entity and thesecond business entity; and a third recording step for recordinginformation regarding the third business entity and informationregarding a tie-up agreement between the first business entity and thethird business entity, wherein, in the first information giving andreceiving step, the authentication information, which has been recordedby the processing of the first recording step, is output on the basis ofthe information regarding the tie-up agreement between the firstbusiness entity and the second business entity that has been recorded bythe processing of the second recording step, and in the secondinformation giving and receiving step, the authentication information,which has been recorded by the processing of the first recording step,is output on the basis of the information regarding the tie-up agreementbetween the first business entity and the third business entity that hasbeen recorded by the processing of the third recording step.
 8. Arecording medium in which a computer-readable program for a firstinformation processing apparatus managed by a first business entity thatmanages an electronic money brand in an electronic money service, andacquires and manages an affiliate business entity of the electronicmoney service has been recorded, the program comprising: a firstinformation giving and receiving step for giving and receivinginformation with a third information processing apparatus managed by asecond business entity issuing a second information processing apparatusin which electronic money information and authentication informationused for authentication processing related to the electronic moneyservice are recorded; a second information giving and receiving step forgiving and receiving information with a fourth information processingapparatus managed by a third business entity providing a service thatuses the electronic money; a first recording step for recording theauthentication information used for authentication processing related tothe electronic money service; a second recording step for recordinginformation regarding the second business entity and informationregarding a tie-up agreement between the first business entity and thesecond business entity; and a third recording step for recordinginformation regarding the third business entity and informationregarding a tie-up agreement between the first business entity and thethird business entity, wherein, in the first information giving andreceiving step, the authentication information, which has been recordedby the processing of the first recording step, is output on the basis ofthe information regarding the tie-up agreement between the firstbusiness entity and the second business entity that has been recorded bythe processing of the second recording step, and in the secondinformation giving and receiving step, the authentication information,which has been recorded by the processing of the first recording step,is output on the basis of the information regarding the tie-up agreementbetween the first business entity and the third business entity that hasbeen recorded by the processing of the third recording step.
 9. Anelectronic money service providing system comprising: a firstinformation processing apparatus managed by a first business entity thatmanages an electronic money brand in an electronic money service, andacquires and manages an affiliate business entity of the electronicmoney service; a second information processing apparatus in whichelectronic money information and authentication information used forauthentication processing for the electronic money service are recorded;a third information processing apparatus managed by a second businessentity issuing the second information processing apparatus; and a fourthinformation processing apparatus managed by a third business entityproviding a service that uses the electronic money; wherein the firstinformation processing apparatus comprises: first information giving andreceiving means for giving and receiving information with the thirdinformation processing apparatus managed by the second business entity;second information giving and receiving means for giving and receivinginformation with the fourth information processing apparatus managed bythe third business entity; first recording means for recording theauthentication information used for the authentication processing forthe electronic money service; second recording means for recording theinformation regarding the second business entity and the informationregarding a tie-up agreement between the first business entity and thesecond business entity; and third recording means for recording theinformation regarding the third business entity and the informationregarding a tie-up agreement between the first business entity and thethird business entity, the first information giving and receiving meansoutputs the authentication information, which has been recorded by thefirst recording means, on the basis of the information regarding atie-up agreement between the first business entity and the secondbusiness entity that has been recorded by the second recording means,the second information giving and receiving means outputs theauthentication information, which has been recorded by the firstrecording means, on the basis of the information regarding a tie-upagreement between the first business entity and the third businessentity that has been recorded by the third recording means, the secondinformation processing apparatus comprises: fourth recording means forrecording the authentication information output to the third informationprocessing apparatus by the first information giving and receivingmeans; and fifth recording means for recording the electronic moneyinformation, the third information processing apparatus comprises: thirdinformation giving and receiving means for giving and receivinginformation with the first information processing apparatus; sixthrecording means for recording the authentication information input bythe third information giving and receiving means; seventh recordingmeans for recording information regarding the issuance of the secondinformation processing apparatus; and first authentication processingmeans for implementing authentication processing with the secondinformation processing apparatus on the basis of the authenticationinformation recorded by the sixth recording means, and the fourthinformation processing apparatus comprises: fourth information givingand receiving means for giving and receiving information with the firstinformation processing apparatus; eighth recording means for recordingthe authentication information input by the fourth information givingand receiving means; and second authentication processing means forimplementing authentication processing with the second informationprocessing apparatus on the basis of the authentication informationrecorded by the eighth recording means.
 10. An electronic money serviceproviding system according to claim 9, wherein the third informationprocessing apparatus further comprises fifth information giving andreceiving means for giving and receiving information with a plurality offifth information processing apparatuses that carry out processing forrewriting the electronic money information recorded by the fifthrecording means of the second information processing apparatus, and thefirst authenticating means carries out authentication processing on thebasis of the authentication information that has been input by the fifthinformation giving and receiving means and recorded by the fourthrecording means of the second information processing apparatus.
 11. Anelectronic money service providing system according to claim 9, whereinthe fourth information processing apparatus further comprises fifthinformation giving and receiving means for giving and receivinginformation with a plurality of fifth information processing apparatusesthat carry out processing for rewriting the electronic money informationrecorded by the fifth recording means of the second informationprocessing apparatus, and the second authenticating means carries outauthentication processing on the basis of the authentication informationthat has been input by the fifth information giving and receiving meansand recorded by the fourth recording means of the second informationprocessing apparatus.
 12. An electronic money service providing systemaccording to claim 9, wherein the fourth information processingapparatus further comprises: fifth information giving and receivingmeans for giving and receiving information with the second informationprocessing apparatus; and generating means for generating a controlsignal for rewriting the electronic money information recorded by thefifth recording means of the second information processing apparatus,and the second authenticating means for carrying out authenticationprocessing on the basis of the authentication information that has beeninput by the fifth information giving and receiving means and recordedby the fourth recording means of the second information processingapparatus.
 13. An electronic money service providing system according toclaim 9, wherein the second information processing apparatus furthercomprises ninth recording means for recording an application forimplementing at least one function among a personal authentication card,an entering and leaving key, a commuter ticket, a point card, amembership card, a cash card, a credit card, and a loan card.
 14. Anelectronic money service providing system according to claim 9, whereinthe second information processing apparatus is an IC card, a portabletelephone, an information processing terminal, a personal computer, or atimepiece.